diff --git a/.github/workflows/maintenance-v1.yaml b/.github/workflows/maintenance-v1.yaml index 2afb823951..2d9c5dba1f 100644 --- a/.github/workflows/maintenance-v1.yaml +++ b/.github/workflows/maintenance-v1.yaml @@ -20,18 +20,15 @@ jobs: python-version: 3.13 - id: maintenance run: | - latest_sam_cli=`curl -s https://api.github.com/repos/aws/aws-sam-cli/releases/latest | jq -r .tag_name | cut -c 2-` - latest=`curl "https://pypi.org/pypi/aws-sam-cli/$latest_sam_cli/json" -s | jq -r '.info.requires_dist[] | select(contains("aws-sam-translator"))' | cut -c 21-` - sed -i -E "s/aws-sam-translator>=[0-9.]+/aws-sam-translator>=$latest/" requirements/base.txt pip install -e . pip install requests rm -rf src/cfnlint/data/DownloadsMetadata/* cfn-lint --update-iam-policies cfn-lint --update-documentation scripts/update_specs_from_pricing.py - scripts/update_serverless_aws_policies.py scripts/smithy/update_schemas_from_smithy.py scripts/update_schemas_from_aws_api.py + scripts/update_sam_schemas.py cfn-lint --update-specs echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT env: diff --git a/docs/sam-schema-gaps.md b/docs/sam-schema-gaps.md new file mode 100644 index 0000000000..986df3b459 --- /dev/null +++ b/docs/sam-schema-gaps.md @@ -0,0 +1,58 @@ +# SAM Schema Migration — Known Gaps + +## Generated Resources (Ref/GetAtt targets) + +The SAM transform generates additional CFN resources with predictable logical ID +suffixes. These resources can be targets of `!Ref` and `!GetAtt` in templates. +Without the transform, cfn-lint won't know these resources exist. + +### Resource Generation Patterns + +| SAM Type | Suffix | Generated CFN Type | Conditional | +|----------|--------|--------------------|-------------| +| `AWS::Serverless::Function` | *(same)* | `AWS::Lambda::Function` | No | +| | `Role` | `AWS::IAM::Role` | When no `Role` property | +| | `Version*` | `AWS::Lambda::Version` | When `AutoPublishAlias` | +| | `Alias*` | `AWS::Lambda::Alias` | When `AutoPublishAlias` | +| | `Url` | `AWS::Lambda::Url` | When `FunctionUrlConfig` | +| | `{EventName}Permission` | `AWS::Lambda::Permission` | Per event source | +| `AWS::Serverless::Api` | *(same)* | `AWS::ApiGateway::RestApi` | No | +| | `Deployment*` | `AWS::ApiGateway::Deployment` | No | +| | `Stage` | `AWS::ApiGateway::Stage` | No | +| | `DomainName` | `AWS::ApiGateway::DomainName` | When `Domain` | +| | `UsagePlan` | `AWS::ApiGateway::UsagePlan` | When `Auth` | +| `AWS::Serverless::HttpApi` | *(same)* | `AWS::ApiGatewayV2::Api` | No | +| | `Stage` | `AWS::ApiGatewayV2::Stage` | No | +| `AWS::Serverless::StateMachine` | *(same)* | `AWS::StepFunctions::StateMachine` | No | +| | `Role` | `AWS::IAM::Role` | When no `Role` property | +| `AWS::Serverless::SimpleTable` | *(same)* | `AWS::DynamoDB::Table` | No | +| `AWS::Serverless::LayerVersion` | *(same)* | `AWS::Lambda::LayerVersion` | No | +| `AWS::Serverless::Application` | *(same)* | `AWS::CloudFormation::Stack` | No | + +`*` = Suffix includes a hash or version identifier (e.g., `MyFunctionDeploymentabc123`) + +### Impact + +- `!Ref MyFunctionRole` — Won't resolve because `MyFunctionRole` isn't in the template +- `!GetAtt MyApi.Stage` — Won't resolve for the same reason +- Cross-resource relationship rules (e.g., API Gateway Method → RestApi) won't see + SAM-generated resources + +### Mitigation Options + +1. **Accept the gap** — Most users reference SAM resources by their declared logical ID, + not the generated suffixed resources. The primary resource (same logical ID) works. +2. **Context-aware resource injection** — During context creation, inspect SAM resources + and inject synthetic resource entries for known generated resources. This would let + Ref/GetAtt resolve without running the transform. +3. **Custom rule** — A SAM-specific rule could validate references to known generated + resource patterns. + +### Types Without CFN Mapping + +These SAM types don't have a clear 1:1 primary CFN resource mapping: + +- `AWS::Serverless::Connector` — Generates IAM policies, no primary resource + +GetAtt/Ref for Connector will error since it has no `readOnlyProperties` or +`primaryIdentifier`. This is correct — you'd never `!Ref` or `!GetAtt` a Connector. diff --git a/pyproject.toml b/pyproject.toml index f2a67e9d5a..1f6cce034c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -183,10 +183,6 @@ ignore_missing_imports = true module = "importlib_resources.*" ignore_missing_imports = true -[[tool.mypy.overrides]] -module = "samtranslator.*" -ignore_missing_imports = true - [[tool.mypy.overrides]] module = "sarif_om.*" ignore_missing_imports = true diff --git a/requirements/base.txt b/requirements/base.txt index 57e9ab1f5c..c3ab58bf17 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -1,5 +1,4 @@ pyyaml>5.4 -aws-sam-translator>=1.109.0 jsonpatch networkx>=2.4,<4 sympy>=1.14.0 diff --git a/scripts/update_sam_schemas.py b/scripts/update_sam_schemas.py new file mode 100755 index 0000000000..e918d3486c --- /dev/null +++ b/scripts/update_sam_schemas.py @@ -0,0 +1,727 @@ +#!/usr/bin/env python +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 + +Downloads the SAM JSON Schema from the serverless-application-model repo +and decomposes it into per-resource-type schemas compatible with cfn-lint's +provider schema format. + +The SAM schema uses a naming convention like: + samtranslator__internal__schema_source__aws_serverless_function__Resource + samtranslator__internal__schema_source__aws_serverless_function__Properties + samtranslator__internal__schema_source__aws_serverless_function__Globals + +This script: +1. Downloads the monolithic SAM schema +2. Extracts per-resource schemas in CFN provider schema format +3. Extracts Globals schemas +4. Resolves $ref pointers to inline definitions +5. Writes schemas to src/cfnlint/data/schemas/ +""" + +from __future__ import annotations + +import ast +import hashlib +import json +import logging +import re +import sys +from copy import deepcopy +from pathlib import Path +from typing import Any +from urllib.request import urlopen + +LOGGER = logging.getLogger("cfnlint") + +SAM_SCHEMA_URL = ( + "https://raw.githubusercontent.com/aws/serverless-application-model" + "/main/samtranslator/schema/schema.json" +) + +# Prefix used in SAM schema definition keys +SAM_DEF_PREFIX = "samtranslator__internal__schema_source__" + +# Map from SAM schema module names to CFN type names +SAM_TYPE_MAP = { + "aws_serverless_api": "AWS::Serverless::Api", + "aws_serverless_application": "AWS::Serverless::Application", + "aws_serverless_capacity_provider": "AWS::Serverless::CapacityProvider", + "aws_serverless_connector": "AWS::Serverless::Connector", + "aws_serverless_function": "AWS::Serverless::Function", + "aws_serverless_graphqlapi": "AWS::Serverless::GraphQLApi", + "aws_serverless_httpapi": "AWS::Serverless::HttpApi", + "aws_serverless_layerversion": "AWS::Serverless::LayerVersion", + "aws_serverless_simpletable": "AWS::Serverless::SimpleTable", + "aws_serverless_statemachine": "AWS::Serverless::StateMachine", + "aws_serverless_websocketapi": "AWS::Serverless::WebSocketApi", +} + + +# Map SAM types to their primary CFN resource type (same logical ID). +# The SAM transform produces a CFN resource at the same logical ID, +# so GetAtt/Ref attributes come from the underlying CFN type. +SAM_TO_CFN_TYPE: dict[str, str] = { + "aws_serverless_api": "AWS::ApiGateway::RestApi", + "aws_serverless_application": "AWS::CloudFormation::Stack", + "aws_serverless_capacity_provider": "AWS::ECS::CapacityProvider", + "aws_serverless_function": "AWS::Lambda::Function", + "aws_serverless_graphqlapi": "AWS::AppSync::GraphQLApi", + "aws_serverless_httpapi": "AWS::ApiGatewayV2::Api", + "aws_serverless_layerversion": "AWS::Lambda::LayerVersion", + "aws_serverless_simpletable": "AWS::DynamoDB::Table", + "aws_serverless_statemachine": "AWS::StepFunctions::StateMachine", + "aws_serverless_websocketapi": "AWS::ApiGatewayV2::Api", +} + + +def _strip_refs(obj: Any) -> Any: + """Remove $ref from a schema, simplifying allOf/anyOf wrappers.""" + if isinstance(obj, dict): + if "$ref" in obj: + return {} + result: dict[str, Any] = {} + for k, v in obj.items(): + if k in ("allOf", "anyOf", "oneOf") and isinstance(v, list): + cleaned = [_strip_refs(item) for item in v] + cleaned = [c for c in cleaned if c != {}] + if not cleaned: + continue + if len(cleaned) == 1: + result.update(cleaned[0]) + continue + result[k] = cleaned + else: + result[k] = _strip_refs(v) + return result + if isinstance(obj, list): + return [_strip_refs(item) for item in obj] + return obj + + +def configure_logging(): + ch = logging.StreamHandler() + ch.setLevel(logging.INFO) + LOGGER.setLevel(logging.INFO) + log_formatter = logging.Formatter( + "%(asctime)s - %(name)s - %(levelname)s - %(message)s" + ) + ch.setFormatter(log_formatter) + for handler in LOGGER.handlers: + LOGGER.removeHandler(handler) + LOGGER.addHandler(ch) + + +def download_sam_schema() -> dict[str, Any]: + """Download the SAM schema from GitHub.""" + LOGGER.info("Downloading SAM schema from %s", SAM_SCHEMA_URL) + with urlopen(SAM_SCHEMA_URL, timeout=30) as response: + schema: dict[str, Any] = json.loads(response.read().decode("utf-8")) + return schema + + +def _get_defs_for_module(all_defs: dict[str, Any], module_name: str) -> dict[str, str]: + """Get all definition keys belonging to a SAM module. + + Returns a dict mapping the short name (e.g. 'ApiEvent') to the full + definition key. + """ + prefix = f"{SAM_DEF_PREFIX}{module_name}__" + result = {} + for key in all_defs: + if key.startswith(prefix): + short_name = key[len(prefix) :] + result[short_name] = key + return result + + +def _collect_refs(obj: Any) -> set[str]: + """Recursively collect all $ref targets from a schema object.""" + refs: set[str] = set() + if isinstance(obj, dict): + if "$ref" in obj: + ref = obj["$ref"] + if ref.startswith("#/definitions/"): + refs.add(ref[len("#/definitions/") :]) + for v in obj.values(): + refs.update(_collect_refs(v)) + elif isinstance(obj, list): + for item in obj: + refs.update(_collect_refs(item)) + return refs + + +def _collect_all_refs(all_defs: dict[str, Any], root_refs: set[str]) -> set[str]: + """Transitively collect all referenced definitions.""" + collected: set[str] = set() + queue = list(root_refs) + while queue: + ref = queue.pop() + if ref in collected: + continue + collected.add(ref) + if ref in all_defs: + new_refs = _collect_refs(all_defs[ref]) + queue.extend(new_refs - collected) + return collected + + +def _clean_schema(obj: Any) -> Any: + """Remove SAM-specific keys that aren't valid in cfn-lint schemas.""" + if isinstance(obj, dict): + cleaned = {} + for k, v in obj.items(): + if k in ("markdownDescription", "title", "description"): + continue + cleaned[k] = _clean_schema(v) + return cleaned + if isinstance(obj, list): + return [_clean_schema(item) for item in obj] + return obj + + +def _shorten_ref(ref_str: str) -> str: + """Convert a SAM definition ref to a short local definition name. + + e.g. '#/definitions/samtranslator__internal__...__function__ApiEvent' + becomes '#/definitions/ApiEvent' + """ + if not ref_str.startswith("#/definitions/"): + return ref_str + full_name = ref_str[len("#/definitions/") :] + # Extract the short name after the last double-underscore segment + # that matches a SAM module prefix + if SAM_DEF_PREFIX in full_name: + # Get everything after the module prefix + after_prefix = full_name[len(SAM_DEF_PREFIX) :] + # Split on __ to get module and short name + parts = after_prefix.split("__") + if len(parts) >= 2: + short_name = parts[-1] + return f"#/definitions/{short_name}" + return ref_str + + +def _rewrite_refs(obj: Any) -> Any: + """Rewrite $ref pointers to use short definition names.""" + if isinstance(obj, dict): + result = {} + for k, v in obj.items(): + if k == "$ref" and isinstance(v, str): + result[k] = _shorten_ref(v) + else: + result[k] = _rewrite_refs(v) + return result + if isinstance(obj, list): + return [_rewrite_refs(item) for item in obj] + return obj + + +def _short_def_name(full_key: str) -> str: + """Extract short definition name from a full SAM definition key.""" + if SAM_DEF_PREFIX in full_key: + after_prefix = full_key[len(SAM_DEF_PREFIX) :] + parts = after_prefix.split("__") + if len(parts) >= 2: + return parts[-1] + return full_key + + +def build_resource_schema( + type_name: str, + module_name: str, + all_defs: dict[str, Any], +) -> dict[str, Any] | None: + """Build a cfn-lint compatible resource schema for a SAM type. + + The output format matches CFN provider schemas with: + - typeName + - properties (from the Properties definition) + - definitions (resolved from $refs) + - additionalProperties: false + - required + - readOnlyProperties (empty for SAM — no read-only attrs) + - primaryIdentifier + """ + module_defs = _get_defs_for_module(all_defs, module_name) + + if "Properties" not in module_defs: + LOGGER.warning("No Properties definition found for %s", type_name) + return None + + properties_schema = deepcopy(all_defs[module_defs["Properties"]]) + + # Collect all referenced definitions transitively + root_refs = _collect_refs(properties_schema) + all_needed_refs = _collect_all_refs(all_defs, root_refs) + + # Build the definitions dict with short names + definitions: dict[str, Any] = {} + for ref_key in sorted(all_needed_refs): + if ref_key not in all_defs: + continue + short_name = _short_def_name(ref_key) + definitions[short_name] = _clean_schema(deepcopy(all_defs[ref_key])) + + # Rewrite all $refs to use short names + definitions = _rewrite_refs(definitions) + properties_schema = _rewrite_refs(_clean_schema(properties_schema)) + + # Build the CFN-style schema + # readOnlyProperties come from the underlying CFN type that SAM produces + # at the same logical ID. This enables GetAtt validation. + schema: dict[str, Any] = { + "typeName": type_name, + "additionalProperties": False, + "properties": properties_schema.get("properties", {}), + } + + # Copy readOnlyProperties and primaryIdentifier from the underlying CFN type + cfn_type = SAM_TO_CFN_TYPE.get(module_name) + if cfn_type: + try: + from cfnlint.schema.manager import PROVIDER_SCHEMA_MANAGER + + cfn_schema = PROVIDER_SCHEMA_MANAGER.get_resource_schema( + "us-east-1", cfn_type + ) + pi = cfn_schema.schema.get("primaryIdentifier", []) + if pi: + schema["primaryIdentifier"] = pi + ro_props = cfn_schema.schema.get("readOnlyProperties", []) + if ro_props: + schema["readOnlyProperties"] = ro_props + cfn_props = cfn_schema.schema.get("properties", {}) + cfn_defs = cfn_schema.schema.get("definitions", {}) + for ro_prop in ro_props: + parts = ro_prop.strip("/").split("/") + if len(parts) >= 2 and parts[0] == "properties": + prop_name = parts[1] + if prop_name not in schema["properties"]: + if prop_name in cfn_props: + prop_val = deepcopy(cfn_props[prop_name]) + # Inline $ref so we don't need the CFN definition + prop_val = _inline_refs(prop_val, cfn_defs) + schema["properties"][prop_name] = prop_val + except Exception as e: + LOGGER.error( + "Could not get readOnlyProperties from %s for %s: %s", + cfn_type, + type_name, + e, + ) + + if properties_schema.get("required"): + schema["required"] = properties_schema["required"] + + if properties_schema.get("additionalProperties") is not None: + schema["additionalProperties"] = properties_schema["additionalProperties"] + + if definitions: + schema["definitions"] = definitions + + return schema + + +def build_globals_schema( + all_defs: dict[str, Any], +) -> dict[str, Any]: + """Build a schema for the SAM Globals section.""" + globals_properties: dict[str, Any] = {} + + for module_name, type_name in sorted(SAM_TYPE_MAP.items()): + module_defs = _get_defs_for_module(all_defs, module_name) + if "Globals" not in module_defs: + continue + + globals_def = deepcopy(all_defs[module_defs["Globals"]]) + # The globals key is the resource type short name + # e.g. "Function", "Api", "HttpApi" + short_type = type_name.split("::")[-1] + globals_properties[short_type] = _clean_schema(globals_def) + + return { + "type": "object", + "additionalProperties": False, + "properties": globals_properties, + } + + +def write_schema(filepath: Path, schema: dict[str, Any] | list[Any]) -> None: + """Write a schema to a JSON file.""" + filepath.parent.mkdir(parents=True, exist_ok=True) + with open(filepath, "w", encoding="utf-8") as f: + json.dump(schema, f, indent=1, sort_keys=True, separators=(",", ": ")) + f.write("\n") + + +def schema_hash(schema: dict[str, Any]) -> str: + """Generate a hash for a schema matching cfn-lint's convention.""" + return hashlib.sha256(json.dumps(schema, sort_keys=True).encode()).hexdigest()[:16] + + +def update_provider_modules(providers_dir: Path, sam_types: dict[str, str]) -> int: + """Add SAM type entries to all provider module files. + + Reads each provider .py file, parses the types dict, adds SAM entries, + and rewrites the file with all types sorted. + + Returns the number of modules updated. + """ + count = 0 + for provider_file in sorted(providers_dir.glob("*.py")): + if provider_file.name == "__init__.py": + continue + + # Read existing types + content = provider_file.read_text(encoding="utf-8") + + # Parse existing type map using ast.literal_eval on the dict literal + match = re.search(r"types:\s*dict\[str,\s*str\]\s*=\s*(\{.*\})", content, re.S) + if not match: + LOGGER.warning("Could not parse types dict in %s", provider_file.name) + continue + existing_types: dict[str, str] = ast.literal_eval(match.group(1)) + + # Remove old SAM entries and add new ones + merged = { + k: v + for k, v in existing_types.items() + if not k.startswith("AWS::Serverless::") + } + merged.update(sam_types) + + # Rewrite the file + with open(provider_file, "w", encoding="utf-8") as f: + f.write("# ruff: noqa: E501, PLR0915\n") + f.write("from __future__ import annotations\n\n") + f.write("types: dict[str, str] = {\n") + for resource_type in sorted(merged.keys()): + f.write(f' "{resource_type}": "{merged[resource_type]}",\n') + f.write("}\n") + + count += 1 + LOGGER.info(" Updated %s (%d types)", provider_file.name, len(merged)) + + return count + + +def _is_passthrough_ref(prop_def: dict[str, Any]) -> bool: + """Check if a property definition references PassThroughProp.""" + if prop_def.get("$ref") == "#/definitions/PassThroughProp": + return True + for item in prop_def.get("allOf", []): + if ( + isinstance(item, dict) + and item.get("$ref") == "#/definitions/PassThroughProp" + ): + return True + return False + + +_PASSTHROUGH_RE = re.compile( + r"is passed directly to the \[`(\w+)`\].*?`(AWS::[A-Za-z0-9:]+)`" +) + + +def _resolve_cfn_property(cfn_type: str, cfn_prop: str) -> dict[str, Any] | None: + """Look up a property schema from a CFN resource type, resolving $ref.""" + try: + from cfnlint.schema.manager import PROVIDER_SCHEMA_MANAGER + + cfn_schema = PROVIDER_SCHEMA_MANAGER.get_resource_schema("us-east-1", cfn_type) + cfn_props = cfn_schema.schema.get("properties", {}) + if cfn_prop not in cfn_props: + return None + + result = deepcopy(cfn_props[cfn_prop]) + cfn_defs = cfn_schema.schema.get("definitions", {}) + + # Resolve top-level $ref to inline the definition + if "$ref" in result: + ref_name = result["$ref"].replace("#/definitions/", "") + if ref_name in cfn_defs: + result = deepcopy(cfn_defs[ref_name]) + else: + return None + + # Resolve $ref inside items, properties, etc. + result = _inline_refs(result, cfn_defs) + return result # type: ignore[no-any-return] + except Exception as e: + LOGGER.warning("Could not resolve %s.%s: %s", cfn_type, cfn_prop, e) + return None + + +def _inline_refs(obj: Any, defs: dict[str, Any], depth: int = 3) -> Any: + """Recursively inline $ref pointers from CFN definitions up to depth. + + Depth of 3 is empirically sufficient for all current CFN schemas — + the deepest ref chains (e.g. Tag -> TagValue) are 2 levels. + """ + if depth <= 0: + return obj + + if isinstance(obj, list): + return [_inline_refs(item, defs, depth) for item in obj] + + if not isinstance(obj, dict): + return obj + + if "$ref" in obj and len(obj) == 1: + ref_name = obj["$ref"].replace("#/definitions/", "") + if ref_name in defs: + return _inline_refs(deepcopy(defs[ref_name]), defs, depth - 1) + return obj + + return {k: _inline_refs(v, defs, depth) for k, v in obj.items()} + + +def build_passthrough_patches( + all_defs: dict[str, Any], + resource_schemas: dict[str, dict[str, Any]], +) -> dict[str, list[dict[str, Any]]]: + """Build RFC 6902 patches that replace PassThroughProp with real CFN types. + + Returns a dict of type_name -> list of patch operations. + """ + patches_by_type: dict[str, list[dict[str, Any]]] = {} + + for type_name, schema in resource_schemas.items(): + ops: list[dict[str, Any]] = [] + definitions = schema.get("definitions", {}) + + for def_name, def_schema in definitions.items(): + if not isinstance(def_schema, dict): + continue + props = def_schema.get("properties", {}) + for prop_name, prop_def in props.items(): + if not isinstance(prop_def, dict) or not _is_passthrough_ref(prop_def): + continue + + # Find the original SAM definition to get the markdown + orig_def = _find_original_def(all_defs, def_name, prop_name) + if not orig_def: + continue + + md = orig_def.get("markdownDescription", "") + m = _PASSTHROUGH_RE.search(md) + if not m: + continue + + cfn_prop_name = m.group(1) + cfn_type = m.group(2).rstrip(".") + + resolved = _resolve_cfn_property(cfn_type, cfn_prop_name) + if not resolved: + continue + + ops.append( + { + "op": "replace", + "path": f"/definitions/{def_name}/properties/{prop_name}", + "value": resolved, + } + ) + + # Also check top-level properties + for prop_name, prop_def in schema.get("properties", {}).items(): + if not isinstance(prop_def, dict) or not _is_passthrough_ref(prop_def): + continue + + orig_prop = _find_original_top_prop(all_defs, type_name, prop_name) + if not orig_prop: + continue + + md = orig_prop.get("markdownDescription", "") + m = _PASSTHROUGH_RE.search(md) + if not m: + continue + + cfn_prop_name = m.group(1) + cfn_type = m.group(2).rstrip(".") + + resolved = _resolve_cfn_property(cfn_type, cfn_prop_name) + if not resolved: + continue + + ops.append( + { + "op": "replace", + "path": f"/properties/{prop_name}", + "value": resolved, + } + ) + + if ops: + patches_by_type[type_name] = sorted(ops, key=lambda x: x["path"]) + + return patches_by_type + + +def _find_original_def( + all_defs: dict[str, Any], short_name: str, prop_name: str +) -> dict[str, Any] | None: + """Find the original SAM definition property that has markdown docs.""" + for key, value in all_defs.items(): + if key == short_name or key.endswith(f"__{short_name}"): + if isinstance(value, dict): + props = value.get("properties", {}) + if prop_name in props: + return props[prop_name] # type: ignore[no-any-return] + return None + + +def _find_original_top_prop( + all_defs: dict[str, Any], type_name: str, prop_name: str +) -> dict[str, Any] | None: + """Find the original SAM Properties definition for a top-level property.""" + # Convert type_name to module name + module_name = type_name.lower().replace("::", "_") + props_key = f"{SAM_DEF_PREFIX}{module_name}__Properties" + if props_key in all_defs: + props = all_defs[props_key].get("properties", {}) + if prop_name in props: + return props[prop_name] # type: ignore[no-any-return] + else: + LOGGER.warning("SAM schema key %r not found for %s", props_key, type_name) + return None + + +def write_patches( + patches_dir: Path, + patches_by_type: dict[str, list[dict[str, Any]]], +) -> int: + """Write patch files for SAM resource types. + + Returns the number of patch files written. + """ + count = 0 + written: set[Path] = set() + + for type_name, ops in sorted(patches_by_type.items()): + dir_name = type_name.lower().replace("::", "_") + patch_dir = patches_dir / "extensions" / "all" / dir_name + patch_dir.mkdir(parents=True, exist_ok=True) + filepath = patch_dir / "passthrough.json" + write_schema(filepath, ops) + written.add(filepath) + count += 1 + LOGGER.info(" Wrote %d patches for %s", len(ops), type_name) + + # Clean up stale passthrough.json files for SAM types + for dir_path in (patches_dir / "extensions" / "all").iterdir(): + if not dir_path.name.startswith("aws_serverless_"): + continue + stale = dir_path / "passthrough.json" + if stale.exists() and stale not in written: + stale.unlink() + LOGGER.info(" Removed stale %s", stale) + + return count + + +def main(): + configure_logging() + + base_dir = Path(__file__).parent.parent / "src" / "cfnlint" / "data" + resources_dir = base_dir / "schemas" / "resources" + globals_dir = base_dir / "schemas" / "other" / "sam" + + # Download the SAM schema + sam_schema = download_sam_schema() + all_defs = sam_schema.get("definitions", {}) + LOGGER.info("Loaded %d definitions from SAM schema", len(all_defs)) + + # Build per-resource schemas + type_hashes: dict[str, str] = {} + resource_schemas: dict[str, dict[str, Any]] = {} + + for module_name, type_name in sorted(SAM_TYPE_MAP.items()): + LOGGER.info("Processing %s", type_name) + resource_schema = build_resource_schema(type_name, module_name, all_defs) + if resource_schema is None: + LOGGER.warning("Skipping %s — no schema generated", type_name) + continue + + resource_schemas[type_name] = resource_schema + + # Generate PassThroughProp patches + LOGGER.info("Generating PassThroughProp patches") + patches_dir = base_dir / "schemas" / "patches" + patches_by_type = build_passthrough_patches(all_defs, resource_schemas) + patch_count = write_patches(patches_dir, patches_by_type) + total_ops = sum(len(ops) for ops in patches_by_type.values()) + + # Apply patches to schemas, then compute hashes and write + import jsonpatch + + for type_name, resource_schema in sorted(resource_schemas.items()): + if type_name in patches_by_type: + resource_schema = jsonpatch.JsonPatch(patches_by_type[type_name]).apply( + resource_schema + ) + + # Also apply any manual patches from disk (e.g. State on EventBridgeRule) + dir_name = type_name.lower().replace("::", "_") + manual_patch_dir = patches_dir / "extensions" / "all" / dir_name + if manual_patch_dir.exists(): + for patch_file in sorted(manual_patch_dir.glob("*.json")): + if patch_file.name == "passthrough.json": + continue # already applied above + try: + file_patches = json.loads(patch_file.read_text()) + resource_schema = jsonpatch.JsonPatch(file_patches).apply( + resource_schema + ) + except Exception as e: + LOGGER.warning(" Patch %s failed: %s", patch_file.name, e) + + h = schema_hash(resource_schema) + type_hashes[type_name] = h + + filepath = resources_dir / f"{h}.json" + write_schema(filepath, resource_schema) + LOGGER.info(" Wrote %s -> %s", type_name, filepath.name) + + # Build Globals schema + LOGGER.info("Processing Globals schema") + globals_schema = build_globals_schema(all_defs) + write_schema(globals_dir / "globals.json", _strip_refs(globals_schema)) + LOGGER.info(" Wrote globals.json") + + # Update all provider modules to include SAM types + providers_dir = base_dir / "schemas" / "providers" + updated_count = update_provider_modules(providers_dir, type_hashes) + + # Clean up stale SAM schema files + current_hashes = set(type_hashes.values()) + for schema_file in resources_dir.glob("*.json"): + if schema_file.stem in current_hashes: + continue + try: + spec = json.loads(schema_file.read_text()) + if spec.get("typeName", "").startswith("AWS::Serverless::"): + schema_file.unlink() + LOGGER.info(" Removed stale %s", schema_file.name) + except Exception: + pass + + LOGGER.info("") + LOGGER.info( + "Generated %d resource schemas, 1 globals schema, " + "%d patch files (%d ops), updated %d provider modules", + len(type_hashes), + patch_count, + total_ops, + updated_count, + ) + + +if __name__ == "__main__": + try: + main() + except Exception as e: + LOGGER.error("Error: %s", e, exc_info=True) + sys.exit(1) diff --git a/scripts/update_serverless_aws_policies.py b/scripts/update_serverless_aws_policies.py deleted file mode 100755 index b4412cb881..0000000000 --- a/scripts/update_serverless_aws_policies.py +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/env python -""" -Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -SPDX-License-Identifier: MIT-0 -""" - -import json -import logging - -import boto3 -from samtranslator.translator.managed_policy_translator import ManagedPolicyLoader - -LOGGER = logging.getLogger("cfnlint") - - -def main(): - session = boto3.session.Session() - client = session.client("iam", region_name="us-east-1") - - policyLoader = ManagedPolicyLoader(client) - policyLoader.load() - - # Exception from PR #4209 - policyLoader._policy_map.pop("AmazonGuardDutyFullAccess", None) - - filename = "src/cfnlint/data/Serverless/ManagedPolicies.json" - with open(filename, "w+", encoding="utf-8") as f: - json.dump( - policyLoader._policy_map, - f, - indent=1, - sort_keys=True, - separators=(",", ": "), - ) - f.write("\n") - - -if __name__ == "__main__": - try: - main() - except (ValueError, TypeError): - LOGGER.error(ValueError) diff --git a/src/cfnlint/context/context.py b/src/cfnlint/context/context.py index 97879e16b3..63d5a97beb 100644 --- a/src/cfnlint/context/context.py +++ b/src/cfnlint/context/context.py @@ -202,6 +202,7 @@ def __post_init__(self) -> None: name for name, resource in self.resources.items() if resource.type.endswith("::MODULE") + or resource.type.startswith("AWS::Serverless::") ), ) @@ -582,6 +583,136 @@ def _init_transforms(transforms: Any) -> Transforms: return Transforms([]) +def _inject( + resources: dict[str, Resource], logical_id: str, resource_type: str +) -> None: + """Add a synthetic resource if it doesn't already exist.""" + if logical_id not in resources: + try: + resources[logical_id] = Resource({"Type": resource_type}) + except ValueError: + pass + + +def _inject_sam_implicit_resources( + template_resources: Any, resources: dict[str, Resource] +) -> None: + """Add synthetic resources for SAM implicit APIs and generated roles. + + SAM auto-generates these when Functions have Api/HttpApi events + without explicit RestApiId/ApiId references, and IAM Roles when + no explicit Role property is set. + """ + if not isinstance(template_resources, dict): + return + + needs_rest_api = False + needs_http_api = False + + for resource_id, resource in template_resources.items(): + if not isinstance(resource, dict): + continue + resource_type = resource.get("Type") + props = resource.get("Properties", {}) + if not isinstance(props, dict): + props = {} + + # SAM Functions/StateMachines without explicit Role get a generated Role + if resource_type in ( + "AWS::Serverless::Function", + "AWS::Serverless::StateMachine", + ): + if "Role" not in props: + _inject(resources, f"{resource_id}Role", "AWS::IAM::Role") + + if resource_type == "AWS::Serverless::Function": + # Version/Alias when AutoPublishAlias or DeploymentPreference + has_alias = "AutoPublishAlias" in props or "DeploymentPreference" in props + if has_alias: + for suffix, rtype in ( + (f"{resource_id}.Version", "AWS::Lambda::Version"), + (f"{resource_id}.Alias", "AWS::Lambda::Alias"), + ): + if suffix not in resources: + try: + resources[suffix] = Resource({"Type": rtype}) + except ValueError: + pass + + # Url when FunctionUrlConfig is set + if "FunctionUrlConfig" in props: + _inject(resources, f"{resource_id}Url", "AWS::Lambda::Url") + + # DeploymentPreference generates CodeDeploy resources + dp = props.get("DeploymentPreference", {}) + if isinstance(dp, dict) and dp.get("Enabled", True): + _inject( + resources, + "ServerlessDeploymentApplication", + "AWS::CodeDeploy::Application", + ) + _inject( + resources, + f"{resource_id}DeploymentGroup", + "AWS::CodeDeploy::DeploymentGroup", + ) + if "Role" not in dp: + _inject(resources, "CodeDeployServiceRole", "AWS::IAM::Role") + + # Per-event permissions and implicit API detection + events = props.get("Events", {}) + if isinstance(events, dict): + for event_name, event in events.items(): + if not isinstance(event, dict): + continue + _inject( + resources, + f"{resource_id}{event_name}Permission", + "AWS::Lambda::Permission", + ) + event_type = event.get("Type") + if event_type == "Api": + event_props = event.get("Properties", {}) + if ( + not isinstance(event_props, dict) + or "RestApiId" not in event_props + ): + needs_rest_api = True + elif event_type == "HttpApi": + event_props = event.get("Properties", {}) + if ( + not isinstance(event_props, dict) + or "ApiId" not in event_props + ): + needs_http_api = True + + if resource_type == "AWS::Serverless::Api": + _inject(resources, f"{resource_id}Stage", "AWS::ApiGateway::Stage") + if "Domain" in props: + _inject( + resources, + f"{resource_id}DomainName", + "AWS::ApiGateway::DomainName", + ) + if "Auth" in props: + _inject( + resources, + f"{resource_id}UsagePlan", + "AWS::ApiGateway::UsagePlan", + ) + + if resource_type == "AWS::Serverless::HttpApi": + _inject(resources, f"{resource_id}Stage", "AWS::ApiGatewayV2::Stage") + + if needs_rest_api: + _inject(resources, "ServerlessRestApi", "AWS::Serverless::Api") + _inject(resources, "ServerlessRestApiStage", "AWS::ApiGateway::Stage") + + if needs_http_api: + _inject(resources, "ServerlessHttpApi", "AWS::Serverless::HttpApi") + _inject(resources, "ServerlessHttpApiStage", "AWS::ApiGatewayV2::Stage") + + def create_context_for_template( cfn: Template, ) -> "Context": @@ -597,6 +728,13 @@ def create_context_for_template( except (ValueError, AttributeError): pass + # Inject synthetic resources for SAM implicit APIs. + # When a SAM Function has an Api event without an explicit RestApiId, + # SAM generates "ServerlessRestApi" (AWS::Serverless::Api). + # Similarly for HttpApi events -> "ServerlessHttpApi". + if cfn.has_serverless_transform(): + _inject_sam_implicit_resources(cfn.template.get("Resources", {}), resources) + transforms = _init_transforms(cfn.template.get("Transform", [])) try: diff --git a/src/cfnlint/data/Serverless/ManagedPolicies.json b/src/cfnlint/data/Serverless/ManagedPolicies.json deleted file mode 100644 index b9ff93b1c3..0000000000 --- a/src/cfnlint/data/Serverless/ManagedPolicies.json +++ /dev/null @@ -1,1493 +0,0 @@ -{ - "AIDevOpsAgentAccessPolicy": "arn:aws:iam::aws:policy/AIDevOpsAgentAccessPolicy", - "AIDevOpsAgentFullAccess": "arn:aws:iam::aws:policy/AIDevOpsAgentFullAccess", - "AIDevOpsAgentReadOnlyAccess": "arn:aws:iam::aws:policy/AIDevOpsAgentReadOnlyAccess", - "AIDevOpsOperatorAppAccessPolicy": "arn:aws:iam::aws:policy/AIDevOpsOperatorAppAccessPolicy", - "AIOpsAssistantIncidentReportPolicy": "arn:aws:iam::aws:policy/AIOpsAssistantIncidentReportPolicy", - "AIOpsAssistantPolicy": "arn:aws:iam::aws:policy/AIOpsAssistantPolicy", - "AIOpsConsoleAdminPolicy": "arn:aws:iam::aws:policy/AIOpsConsoleAdminPolicy", - "AIOpsOperatorAccess": "arn:aws:iam::aws:policy/AIOpsOperatorAccess", - "AIOpsReadOnlyAccess": "arn:aws:iam::aws:policy/AIOpsReadOnlyAccess", - "APIGatewayServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/APIGatewayServiceRolePolicy", - "AWS-SSM-Automation-DiagnosisBucketPolicy": "arn:aws:iam::aws:policy/AWS-SSM-Automation-DiagnosisBucketPolicy", - "AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy": "arn:aws:iam::aws:policy/AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy", - "AWS-SSM-DiagnosisAutomation-ExecutionRolePolicy": "arn:aws:iam::aws:policy/AWS-SSM-DiagnosisAutomation-ExecutionRolePolicy", - "AWS-SSM-DiagnosisAutomation-OperationalAccountAdministrationRolePolicy": "arn:aws:iam::aws:policy/AWS-SSM-DiagnosisAutomation-OperationalAccountAdministrationRolePolicy", - "AWS-SSM-RemediationAutomation-AdministrationRolePolicy": "arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-AdministrationRolePolicy", - "AWS-SSM-RemediationAutomation-ExecutionRolePolicy": "arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-ExecutionRolePolicy", - "AWS-SSM-RemediationAutomation-OperationalAccountAdministrationRolePolicy": "arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-OperationalAccountAdministrationRolePolicy", - "AWSAccountActivityAccess": "arn:aws:iam::aws:policy/AWSAccountActivityAccess", - "AWSAccountManagementFullAccess": "arn:aws:iam::aws:policy/AWSAccountManagementFullAccess", - "AWSAccountManagementReadOnlyAccess": "arn:aws:iam::aws:policy/AWSAccountManagementReadOnlyAccess", - "AWSAccountSettingsManagementRole": "arn:aws:iam::aws:policy/AWSAccountSettingsManagementRole", - "AWSAccountUsageReportAccess": "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess", - "AWSAgentlessDiscoveryService": "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService", - "AWSAppConfigServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSAppConfigServiceRolePolicy", - "AWSAppFabricFullAccess": "arn:aws:iam::aws:policy/AWSAppFabricFullAccess", - "AWSAppFabricReadOnlyAccess": "arn:aws:iam::aws:policy/AWSAppFabricReadOnlyAccess", - "AWSAppFabricServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSAppFabricServiceRolePolicy", - "AWSAppMeshEnvoyAccess": "arn:aws:iam::aws:policy/AWSAppMeshEnvoyAccess", - "AWSAppMeshFullAccess": "arn:aws:iam::aws:policy/AWSAppMeshFullAccess", - "AWSAppMeshPreviewEnvoyAccess": "arn:aws:iam::aws:policy/AWSAppMeshPreviewEnvoyAccess", - "AWSAppMeshPreviewServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshPreviewServiceRolePolicy", - "AWSAppMeshReadOnly": "arn:aws:iam::aws:policy/AWSAppMeshReadOnly", - "AWSAppMeshServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshServiceRolePolicy", - "AWSAppRunnerFullAccess": "arn:aws:iam::aws:policy/AWSAppRunnerFullAccess", - "AWSAppRunnerReadOnlyAccess": "arn:aws:iam::aws:policy/AWSAppRunnerReadOnlyAccess", - "AWSAppRunnerServicePolicyForECRAccess": "arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess", - "AWSAppSyncAdministrator": "arn:aws:iam::aws:policy/AWSAppSyncAdministrator", - "AWSAppSyncInvokeFullAccess": "arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess", - "AWSAppSyncPushToCloudWatchLogs": "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs", - "AWSAppSyncSchemaAuthor": "arn:aws:iam::aws:policy/AWSAppSyncSchemaAuthor", - "AWSAppSyncServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSAppSyncServiceRolePolicy", - "AWSApplicationAutoScalingCustomResourcePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoScalingCustomResourcePolicy", - "AWSApplicationAutoscalingAppStreamFleetPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingAppStreamFleetPolicy", - "AWSApplicationAutoscalingCassandraTablePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingCassandraTablePolicy", - "AWSApplicationAutoscalingComprehendEndpointPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingComprehendEndpointPolicy", - "AWSApplicationAutoscalingDynamoDBTablePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingDynamoDBTablePolicy", - "AWSApplicationAutoscalingEC2SpotFleetRequestPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEC2SpotFleetRequestPolicy", - "AWSApplicationAutoscalingECSServicePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingECSServicePolicy", - "AWSApplicationAutoscalingEMRInstanceGroupPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEMRInstanceGroupPolicy", - "AWSApplicationAutoscalingElastiCacheRGPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingElastiCacheRGPolicy", - "AWSApplicationAutoscalingKafkaClusterPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingKafkaClusterPolicy", - "AWSApplicationAutoscalingLambdaConcurrencyPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingLambdaConcurrencyPolicy", - "AWSApplicationAutoscalingNeptuneClusterPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingNeptuneClusterPolicy", - "AWSApplicationAutoscalingRDSClusterPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingRDSClusterPolicy", - "AWSApplicationAutoscalingSageMakerEndpointPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingSageMakerEndpointPolicy", - "AWSApplicationAutoscalingWorkSpacesPoolPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingWorkSpacesPoolPolicy", - "AWSApplicationDiscoveryAgentAccess": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess", - "AWSApplicationDiscoveryAgentlessCollectorAccess": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentlessCollectorAccess", - "AWSApplicationDiscoveryServiceFullAccess": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess", - "AWSApplicationMigrationAgentInstallationPolicy": "arn:aws:iam::aws:policy/AWSApplicationMigrationAgentInstallationPolicy", - "AWSApplicationMigrationAgentPolicy": "arn:aws:iam::aws:policy/AWSApplicationMigrationAgentPolicy", - "AWSApplicationMigrationAgentPolicy_v2": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationAgentPolicy_v2", - "AWSApplicationMigrationConversionServerPolicy": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationConversionServerPolicy", - "AWSApplicationMigrationEC2Access": "arn:aws:iam::aws:policy/AWSApplicationMigrationEC2Access", - "AWSApplicationMigrationFullAccess": "arn:aws:iam::aws:policy/AWSApplicationMigrationFullAccess", - "AWSApplicationMigrationMGHAccess": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationMGHAccess", - "AWSApplicationMigrationNetworkMigrationCustomResource": "arn:aws:iam::aws:policy/AWSApplicationMigrationNetworkMigrationCustomResource", - "AWSApplicationMigrationNetworkMigrationMultiAccount": "arn:aws:iam::aws:policy/AWSApplicationMigrationNetworkMigrationMultiAccount", - "AWSApplicationMigrationReadOnlyAccess": "arn:aws:iam::aws:policy/AWSApplicationMigrationReadOnlyAccess", - "AWSApplicationMigrationReplicationServerPolicy": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationReplicationServerPolicy", - "AWSApplicationMigrationSSMAccess": "arn:aws:iam::aws:policy/AWSApplicationMigrationSSMAccess", - "AWSApplicationMigrationServiceEc2InstancePolicy": "arn:aws:iam::aws:policy/AWSApplicationMigrationServiceEc2InstancePolicy", - "AWSApplicationMigrationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationMigrationServiceRolePolicy", - "AWSApplicationMigrationVCenterClientPolicy": "arn:aws:iam::aws:policy/AWSApplicationMigrationVCenterClientPolicy", - "AWSArtifactAccountSync": "arn:aws:iam::aws:policy/service-role/AWSArtifactAccountSync", - "AWSArtifactAgreementsFullAccess": "arn:aws:iam::aws:policy/AWSArtifactAgreementsFullAccess", - "AWSArtifactAgreementsReadOnlyAccess": "arn:aws:iam::aws:policy/AWSArtifactAgreementsReadOnlyAccess", - "AWSArtifactReportsReadOnlyAccess": "arn:aws:iam::aws:policy/AWSArtifactReportsReadOnlyAccess", - "AWSArtifactServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSArtifactServiceRolePolicy", - "AWSAuditManagerAdministratorAccess": "arn:aws:iam::aws:policy/AWSAuditManagerAdministratorAccess", - "AWSAuditManagerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSAuditManagerServiceRolePolicy", - "AWSAutoScalingPlansEC2AutoScalingPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy", - "AWSBCMDataExportsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSBCMDataExportsServiceRolePolicy", - "AWSBackupAuditAccess": "arn:aws:iam::aws:policy/AWSBackupAuditAccess", - "AWSBackupDataTransferAccess": "arn:aws:iam::aws:policy/AWSBackupDataTransferAccess", - "AWSBackupFullAccess": "arn:aws:iam::aws:policy/AWSBackupFullAccess", - "AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync": "arn:aws:iam::aws:policy/service-role/AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync", - "AWSBackupGuardDutyRolePolicyForScans": "arn:aws:iam::aws:policy/AWSBackupGuardDutyRolePolicyForScans", - "AWSBackupOperatorAccess": "arn:aws:iam::aws:policy/AWSBackupOperatorAccess", - "AWSBackupOrganizationAdminAccess": "arn:aws:iam::aws:policy/AWSBackupOrganizationAdminAccess", - "AWSBackupRestoreAccessForSAPHANA": "arn:aws:iam::aws:policy/AWSBackupRestoreAccessForSAPHANA", - "AWSBackupSearchOperatorAccess": "arn:aws:iam::aws:policy/AWSBackupSearchOperatorAccess", - "AWSBackupServiceLinkedRolePolicyForBackup": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup", - "AWSBackupServiceLinkedRolePolicyForBackupTest": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackupTest", - "AWSBackupServiceRolePolicyForBackup": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup", - "AWSBackupServiceRolePolicyForIndexing": "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForIndexing", - "AWSBackupServiceRolePolicyForItemRestores": "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForItemRestores", - "AWSBackupServiceRolePolicyForRestores": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores", - "AWSBackupServiceRolePolicyForS3Backup": "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Backup", - "AWSBackupServiceRolePolicyForS3Restore": "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Restore", - "AWSBackupServiceRolePolicyForScans": "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForScans", - "AWSBatchFullAccess": "arn:aws:iam::aws:policy/AWSBatchFullAccess", - "AWSBatchServiceEventTargetRole": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceEventTargetRole", - "AWSBatchServiceRole": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole", - "AWSBatchServiceRolePolicyForSageMaker": "arn:aws:iam::aws:policy/aws-service-role/AWSBatchServiceRolePolicyForSageMaker", - "AWSBedrockAgentCoreGatewayNetworkServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSBedrockAgentCoreGatewayNetworkServiceRolePolicy", - "AWSBedrockAgentCoreIdentityNetworkServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSBedrockAgentCoreIdentityNetworkServiceRolePolicy", - "AWSBillingConductorFullAccess": "arn:aws:iam::aws:policy/AWSBillingConductorFullAccess", - "AWSBillingConductorReadOnlyAccess": "arn:aws:iam::aws:policy/AWSBillingConductorReadOnlyAccess", - "AWSBillingReadOnlyAccess": "arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess", - "AWSBillingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSBillingServiceRolePolicy", - "AWSBudgetsActionsWithAWSResourceControlAccess": "arn:aws:iam::aws:policy/AWSBudgetsActionsWithAWSResourceControlAccess", - "AWSBudgetsActions_RolePolicyForResourceAdministrationWithSSM": "arn:aws:iam::aws:policy/AWSBudgetsActions_RolePolicyForResourceAdministrationWithSSM", - "AWSBudgetsReadOnlyAccess": "arn:aws:iam::aws:policy/AWSBudgetsReadOnlyAccess", - "AWSBugBustFullAccess": "arn:aws:iam::aws:policy/AWSBugBustFullAccess", - "AWSBugBustPlayerAccess": "arn:aws:iam::aws:policy/AWSBugBustPlayerAccess", - "AWSBugBustServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSBugBustServiceRolePolicy", - "AWSCertificateManagerFullAccess": "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess", - "AWSCertificateManagerPrivateCAAuditor": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAAuditor", - "AWSCertificateManagerPrivateCAFullAccess": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAFullAccess", - "AWSCertificateManagerPrivateCAPrivilegedUser": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAPrivilegedUser", - "AWSCertificateManagerPrivateCAReadOnly": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAReadOnly", - "AWSCertificateManagerPrivateCAUser": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAUser", - "AWSCertificateManagerReadOnly": "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly", - "AWSChatbotServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy", - "AWSCleanRoomsFullAccess": "arn:aws:iam::aws:policy/AWSCleanRoomsFullAccess", - "AWSCleanRoomsFullAccessNoQuerying": "arn:aws:iam::aws:policy/AWSCleanRoomsFullAccessNoQuerying", - "AWSCleanRoomsMLFullAccess": "arn:aws:iam::aws:policy/AWSCleanRoomsMLFullAccess", - "AWSCleanRoomsMLReadOnlyAccess": "arn:aws:iam::aws:policy/AWSCleanRoomsMLReadOnlyAccess", - "AWSCleanRoomsReadOnlyAccess": "arn:aws:iam::aws:policy/AWSCleanRoomsReadOnlyAccess", - "AWSCleanRoomsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSCleanRoomsServiceRolePolicy", - "AWSCloud9Administrator": "arn:aws:iam::aws:policy/AWSCloud9Administrator", - "AWSCloud9EnvironmentMember": "arn:aws:iam::aws:policy/AWSCloud9EnvironmentMember", - "AWSCloud9SSMInstanceProfile": "arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile", - "AWSCloud9ServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy", - "AWSCloud9User": "arn:aws:iam::aws:policy/AWSCloud9User", - "AWSCloudFormationFullAccess": "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess", - "AWSCloudFormationReadOnlyAccess": "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess", - "AWSCloudFrontLogger": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontLogger", - "AWSCloudFrontVPCOriginServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontVPCOriginServiceRolePolicy", - "AWSCloudHSMFullAccess": "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess", - "AWSCloudHSMReadOnlyAccess": "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess", - "AWSCloudHSMRole": "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole", - "AWSCloudMapDiscoverInstanceAccess": "arn:aws:iam::aws:policy/AWSCloudMapDiscoverInstanceAccess", - "AWSCloudMapFullAccess": "arn:aws:iam::aws:policy/AWSCloudMapFullAccess", - "AWSCloudMapReadOnlyAccess": "arn:aws:iam::aws:policy/AWSCloudMapReadOnlyAccess", - "AWSCloudMapRegisterInstanceAccess": "arn:aws:iam::aws:policy/AWSCloudMapRegisterInstanceAccess", - "AWSCloudShellFullAccess": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess", - "AWSCloudTrail_FullAccess": "arn:aws:iam::aws:policy/AWSCloudTrail_FullAccess", - "AWSCloudTrail_ReadOnlyAccess": "arn:aws:iam::aws:policy/AWSCloudTrail_ReadOnlyAccess", - "AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy", - "AWSCodeArtifactAdminAccess": "arn:aws:iam::aws:policy/AWSCodeArtifactAdminAccess", - "AWSCodeArtifactReadOnlyAccess": "arn:aws:iam::aws:policy/AWSCodeArtifactReadOnlyAccess", - "AWSCodeBuildAdminAccess": "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess", - "AWSCodeBuildDeveloperAccess": "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess", - "AWSCodeBuildReadOnlyAccess": "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess", - "AWSCodeCommitFullAccess": "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess", - "AWSCodeCommitPowerUser": "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser", - "AWSCodeCommitReadOnly": "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly", - "AWSCodeDeployDeployerAccess": "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess", - "AWSCodeDeployFullAccess": "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess", - "AWSCodeDeployReadOnlyAccess": "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess", - "AWSCodeDeployRole": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole", - "AWSCodeDeployRoleForCloudFormation": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForCloudFormation", - "AWSCodeDeployRoleForECS": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS", - "AWSCodeDeployRoleForECSLimited": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECSLimited", - "AWSCodeDeployRoleForLambda": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda", - "AWSCodeDeployRoleForLambdaLimited": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited", - "AWSCodePipelineApproverAccess": "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess", - "AWSCodePipelineCustomActionAccess": "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess", - "AWSCodePipeline_FullAccess": "arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess", - "AWSCodePipeline_ReadOnlyAccess": "arn:aws:iam::aws:policy/AWSCodePipeline_ReadOnlyAccess", - "AWSCodeStarFullAccess": "arn:aws:iam::aws:policy/AWSCodeStarFullAccess", - "AWSCodeStarNotificationsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSCodeStarNotificationsServiceRolePolicy", - "AWSCodeStarServiceRole": "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole", - "AWSCompromisedKeyQuarantine": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantine", - "AWSCompromisedKeyQuarantineV2": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2", - "AWSCompromisedKeyQuarantineV3": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV3", - "AWSConfigMultiAccountSetupPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigMultiAccountSetupPolicy", - "AWSConfigRemediationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigRemediationServiceRolePolicy", - "AWSConfigRole": "arn:aws:iam::aws:policy/service-role/AWSConfigRole", - "AWSConfigRoleForOrganizations": "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations", - "AWSConfigRulesExecutionRole": "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole", - "AWSConfigServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy", - "AWSConfigUserAccess": "arn:aws:iam::aws:policy/AWSConfigUserAccess", - "AWSConnector": "arn:aws:iam::aws:policy/AWSConnector", - "AWSControlTowerAccountServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSControlTowerAccountServiceRolePolicy", - "AWSControlTowerCloudTrailRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSControlTowerCloudTrailRolePolicy", - "AWSControlTowerIdentityCenterManagementPolicy": "arn:aws:iam::aws:policy/service-role/AWSControlTowerIdentityCenterManagementPolicy", - "AWSControlTowerServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSControlTowerServiceRolePolicy", - "AWSCostAndUsageReportAutomationPolicy": "arn:aws:iam::aws:policy/service-role/AWSCostAndUsageReportAutomationPolicy", - "AWSDMSFleetAdvisorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSDMSFleetAdvisorServiceRolePolicy", - "AWSDMSServerlessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSDMSServerlessServiceRolePolicy", - "AWSDataExchangeDataGrantOwnerFullAccess": "arn:aws:iam::aws:policy/AWSDataExchangeDataGrantOwnerFullAccess", - "AWSDataExchangeDataGrantReceiverFullAccess": "arn:aws:iam::aws:policy/AWSDataExchangeDataGrantReceiverFullAccess", - "AWSDataExchangeFullAccess": "arn:aws:iam::aws:policy/AWSDataExchangeFullAccess", - "AWSDataExchangeProviderFullAccess": "arn:aws:iam::aws:policy/AWSDataExchangeProviderFullAccess", - "AWSDataExchangeReadOnly": "arn:aws:iam::aws:policy/AWSDataExchangeReadOnly", - "AWSDataExchangeServiceRolePolicyForLicenseManagement": "arn:aws:iam::aws:policy/aws-service-role/AWSDataExchangeServiceRolePolicyForLicenseManagement", - "AWSDataExchangeServiceRolePolicyForOrganizationDiscovery": "arn:aws:iam::aws:policy/aws-service-role/AWSDataExchangeServiceRolePolicyForOrganizationDiscovery", - "AWSDataExchangeSubscriberFullAccess": "arn:aws:iam::aws:policy/AWSDataExchangeSubscriberFullAccess", - "AWSDataLifecycleManagerSSMFullAccess": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerSSMFullAccess", - "AWSDataLifecycleManagerServiceRole": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole", - "AWSDataLifecycleManagerServiceRoleForAMIManagement": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRoleForAMIManagement", - "AWSDataPipeline_FullAccess": "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess", - "AWSDataPipeline_PowerUser": "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser", - "AWSDataSyncDiscoveryServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSDataSyncDiscoveryServiceRolePolicy", - "AWSDataSyncFullAccess": "arn:aws:iam::aws:policy/AWSDataSyncFullAccess", - "AWSDataSyncReadOnlyAccess": "arn:aws:iam::aws:policy/AWSDataSyncReadOnlyAccess", - "AWSDataSyncServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSDataSyncServiceRolePolicy", - "AWSDeadlineCloud-FleetWorker": "arn:aws:iam::aws:policy/AWSDeadlineCloud-FleetWorker", - "AWSDeadlineCloud-UserAccessFarms": "arn:aws:iam::aws:policy/AWSDeadlineCloud-UserAccessFarms", - "AWSDeadlineCloud-UserAccessFleets": "arn:aws:iam::aws:policy/AWSDeadlineCloud-UserAccessFleets", - "AWSDeadlineCloud-UserAccessJobs": "arn:aws:iam::aws:policy/AWSDeadlineCloud-UserAccessJobs", - "AWSDeadlineCloud-UserAccessQueues": "arn:aws:iam::aws:policy/AWSDeadlineCloud-UserAccessQueues", - "AWSDeadlineCloud-WorkerHost": "arn:aws:iam::aws:policy/AWSDeadlineCloud-WorkerHost", - "AWSDeepLensLambdaFunctionAccessPolicy": "arn:aws:iam::aws:policy/AWSDeepLensLambdaFunctionAccessPolicy", - "AWSDeepLensServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSDeepLensServiceRolePolicy", - "AWSDeepRacerAccountAdminAccess": "arn:aws:iam::aws:policy/AWSDeepRacerAccountAdminAccess", - "AWSDeepRacerCloudFormationAccessPolicy": "arn:aws:iam::aws:policy/AWSDeepRacerCloudFormationAccessPolicy", - "AWSDeepRacerDefaultMultiUserAccess": "arn:aws:iam::aws:policy/AWSDeepRacerDefaultMultiUserAccess", - "AWSDeepRacerFullAccess": "arn:aws:iam::aws:policy/AWSDeepRacerFullAccess", - "AWSDeepRacerRoboMakerAccessPolicy": "arn:aws:iam::aws:policy/AWSDeepRacerRoboMakerAccessPolicy", - "AWSDeepRacerServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSDeepRacerServiceRolePolicy", - "AWSDenyAll": "arn:aws:iam::aws:policy/AWSDenyAll", - "AWSDeviceFarmFullAccess": "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess", - "AWSDeviceFarmServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSDeviceFarmServiceRolePolicy", - "AWSDeviceFarmTestGridServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSDeviceFarmTestGridServiceRolePolicy", - "AWSDirectConnectFullAccess": "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess", - "AWSDirectConnectReadOnlyAccess": "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess", - "AWSDirectConnectServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSDirectConnectServiceRolePolicy", - "AWSDirectoryServiceDataFullAccess": "arn:aws:iam::aws:policy/AWSDirectoryServiceDataFullAccess", - "AWSDirectoryServiceDataReadOnlyAccess": "arn:aws:iam::aws:policy/AWSDirectoryServiceDataReadOnlyAccess", - "AWSDirectoryServiceFullAccess": "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess", - "AWSDirectoryServiceReadOnlyAccess": "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess", - "AWSDirectoryServiceServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSDirectoryServiceServiceRolePolicy", - "AWSDiscoveryContinuousExportFirehosePolicy": "arn:aws:iam::aws:policy/AWSDiscoveryContinuousExportFirehosePolicy", - "AWSEC2CapacityManagerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2CapacityManagerServiceRolePolicy", - "AWSEC2CapacityReservationFleetRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2CapacityReservationFleetRolePolicy", - "AWSEC2FleetServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2FleetServiceRolePolicy", - "AWSEC2SpotFleetServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy", - "AWSEC2SpotServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy", - "AWSEC2SqlHaInstancePolicy": "arn:aws:iam::aws:policy/AWSEC2SqlHaInstancePolicy", - "AWSEC2SqlHaServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SqlHaServiceRolePolicy", - "AWSEC2VssRestorePolicy": "arn:aws:iam::aws:policy/AWSEC2VssRestorePolicy", - "AWSEC2VssSnapshotPolicy": "arn:aws:iam::aws:policy/AWSEC2VssSnapshotPolicy", - "AWSECRPullThroughCache_ServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSECRPullThroughCache_ServiceRolePolicy", - "AWSElasticBeanstalkCustomPlatformforEC2Role": "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role", - "AWSElasticBeanstalkEnhancedHealth": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth", - "AWSElasticBeanstalkMaintenance": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkMaintenance", - "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy": "arn:aws:iam::aws:policy/AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy", - "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkManagedUpdatesServiceRolePolicy", - "AWSElasticBeanstalkMulticontainerDocker": "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker", - "AWSElasticBeanstalkReadOnly": "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnly", - "AWSElasticBeanstalkRoleCWL": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCWL", - "AWSElasticBeanstalkRoleCore": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCore", - "AWSElasticBeanstalkRoleECS": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleECS", - "AWSElasticBeanstalkRoleRDS": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleRDS", - "AWSElasticBeanstalkRoleSNS": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleSNS", - "AWSElasticBeanstalkRoleWorkerTier": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleWorkerTier", - "AWSElasticBeanstalkService": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService", - "AWSElasticBeanstalkServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkServiceRolePolicy", - "AWSElasticBeanstalkWebTier": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier", - "AWSElasticBeanstalkWorkerTier": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier", - "AWSElasticDisasterRecoveryAgentInstallationPolicy": "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryAgentInstallationPolicy", - "AWSElasticDisasterRecoveryAgentPolicy": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryAgentPolicy", - "AWSElasticDisasterRecoveryConsoleFullAccess": "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryConsoleFullAccess", - "AWSElasticDisasterRecoveryConsoleFullAccess_v2": "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryConsoleFullAccess_v2", - "AWSElasticDisasterRecoveryConversionServerPolicy": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryConversionServerPolicy", - "AWSElasticDisasterRecoveryCrossAccountReplicationPolicy": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryCrossAccountReplicationPolicy", - "AWSElasticDisasterRecoveryEc2InstancePolicy": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryEc2InstancePolicy", - "AWSElasticDisasterRecoveryFailbackInstallationPolicy": "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryFailbackInstallationPolicy", - "AWSElasticDisasterRecoveryFailbackPolicy": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryFailbackPolicy", - "AWSElasticDisasterRecoveryLaunchActionsPolicy": "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryLaunchActionsPolicy", - "AWSElasticDisasterRecoveryNetworkReplicationPolicy": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryNetworkReplicationPolicy", - "AWSElasticDisasterRecoveryReadOnlyAccess": "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryReadOnlyAccess", - "AWSElasticDisasterRecoveryRecoveryInstancePolicy": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryRecoveryInstancePolicy", - "AWSElasticDisasterRecoveryReplicationServerPolicy": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryReplicationServerPolicy", - "AWSElasticDisasterRecoveryServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticDisasterRecoveryServiceRolePolicy", - "AWSElasticDisasterRecoveryStagingAccountPolicy": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryStagingAccountPolicy", - "AWSElasticDisasterRecoveryStagingAccountPolicy_v2": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryStagingAccountPolicy_v2", - "AWSElasticLoadBalancingClassicServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingClassicServiceRolePolicy", - "AWSElasticLoadBalancingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy", - "AWSElementalMediaConnectCreateBridge": "arn:aws:iam::aws:policy/AWSElementalMediaConnectCreateBridge", - "AWSElementalMediaConnectCreateFlow": "arn:aws:iam::aws:policy/AWSElementalMediaConnectCreateFlow", - "AWSElementalMediaConnectDeleteBridge": "arn:aws:iam::aws:policy/AWSElementalMediaConnectDeleteBridge", - "AWSElementalMediaConnectDeleteFlow": "arn:aws:iam::aws:policy/AWSElementalMediaConnectDeleteFlow", - "AWSElementalMediaConnectFullAccess": "arn:aws:iam::aws:policy/AWSElementalMediaConnectFullAccess", - "AWSElementalMediaConnectReadOnlyAccess": "arn:aws:iam::aws:policy/AWSElementalMediaConnectReadOnlyAccess", - "AWSElementalMediaConvertFullAccess": "arn:aws:iam::aws:policy/AWSElementalMediaConvertFullAccess", - "AWSElementalMediaConvertReadOnly": "arn:aws:iam::aws:policy/AWSElementalMediaConvertReadOnly", - "AWSElementalMediaLiveFullAccess": "arn:aws:iam::aws:policy/AWSElementalMediaLiveFullAccess", - "AWSElementalMediaLiveReadOnly": "arn:aws:iam::aws:policy/AWSElementalMediaLiveReadOnly", - "AWSElementalMediaPackageFullAccess": "arn:aws:iam::aws:policy/AWSElementalMediaPackageFullAccess", - "AWSElementalMediaPackageReadOnly": "arn:aws:iam::aws:policy/AWSElementalMediaPackageReadOnly", - "AWSElementalMediaPackageV2FullAccess": "arn:aws:iam::aws:policy/AWSElementalMediaPackageV2FullAccess", - "AWSElementalMediaPackageV2ReadOnly": "arn:aws:iam::aws:policy/AWSElementalMediaPackageV2ReadOnly", - "AWSElementalMediaStoreFullAccess": "arn:aws:iam::aws:policy/AWSElementalMediaStoreFullAccess", - "AWSElementalMediaStoreReadOnly": "arn:aws:iam::aws:policy/AWSElementalMediaStoreReadOnly", - "AWSElementalMediaTailorFullAccess": "arn:aws:iam::aws:policy/AWSElementalMediaTailorFullAccess", - "AWSElementalMediaTailorReadOnly": "arn:aws:iam::aws:policy/AWSElementalMediaTailorReadOnly", - "AWSEnhancedClassicNetworkingMangementPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSEnhancedClassicNetworkingMangementPolicy", - "AWSEntityResolutionConsoleFullAccess": "arn:aws:iam::aws:policy/AWSEntityResolutionConsoleFullAccess", - "AWSEntityResolutionConsoleReadOnlyAccess": "arn:aws:iam::aws:policy/AWSEntityResolutionConsoleReadOnlyAccess", - "AWSFMAdminFullAccess": "arn:aws:iam::aws:policy/AWSFMAdminFullAccess", - "AWSFMAdminReadOnlyAccess": "arn:aws:iam::aws:policy/AWSFMAdminReadOnlyAccess", - "AWSFMMemberReadOnlyAccess": "arn:aws:iam::aws:policy/AWSFMMemberReadOnlyAccess", - "AWSFaultInjectionSimulatorEC2Access": "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorEC2Access", - "AWSFaultInjectionSimulatorECSAccess": "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorECSAccess", - "AWSFaultInjectionSimulatorEKSAccess": "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorEKSAccess", - "AWSFaultInjectionSimulatorNetworkAccess": "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorNetworkAccess", - "AWSFaultInjectionSimulatorRDSAccess": "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorRDSAccess", - "AWSFaultInjectionSimulatorSSMAccess": "arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorSSMAccess", - "AWSFinSpaceServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSFinSpaceServiceRolePolicy", - "AWSForWordPressPluginPolicy": "arn:aws:iam::aws:policy/AWSForWordPressPluginPolicy", - "AWSGitSyncServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSGitSyncServiceRolePolicy", - "AWSGlobalAcceleratorSLRPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy", - "AWSGlueConsoleFullAccess": "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess", - "AWSGlueConsoleSageMakerNotebookFullAccess": "arn:aws:iam::aws:policy/AWSGlueConsoleSageMakerNotebookFullAccess", - "AWSGlueDataBrewServiceRole": "arn:aws:iam::aws:policy/service-role/AWSGlueDataBrewServiceRole", - "AWSGlueSchemaRegistryFullAccess": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryFullAccess", - "AWSGlueSchemaRegistryReadonlyAccess": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryReadonlyAccess", - "AWSGlueServiceNotebookRole": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceNotebookRole", - "AWSGlueServiceRole": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole", - "AWSGrafanaAccountAdministrator": "arn:aws:iam::aws:policy/AWSGrafanaAccountAdministrator", - "AWSGrafanaConsoleReadOnlyAccess": "arn:aws:iam::aws:policy/AWSGrafanaConsoleReadOnlyAccess", - "AWSGrafanaWorkspacePermissionManagement": "arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagement", - "AWSGrafanaWorkspacePermissionManagementV2": "arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagementV2", - "AWSGreengrassFullAccess": "arn:aws:iam::aws:policy/AWSGreengrassFullAccess", - "AWSGreengrassReadOnlyAccess": "arn:aws:iam::aws:policy/AWSGreengrassReadOnlyAccess", - "AWSGreengrassResourceAccessRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy", - "AWSGroundStationAgentInstancePolicy": "arn:aws:iam::aws:policy/AWSGroundStationAgentInstancePolicy", - "AWSHealthFullAccess": "arn:aws:iam::aws:policy/AWSHealthFullAccess", - "AWSHealthImagingFullAccess": "arn:aws:iam::aws:policy/AWSHealthImagingFullAccess", - "AWSHealthImagingReadOnlyAccess": "arn:aws:iam::aws:policy/AWSHealthImagingReadOnlyAccess", - "AWSHealthImagingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSHealthImagingServiceRolePolicy", - "AWSHealthOmicsServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSHealthOmicsServiceLinkedRolePolicy", - "AWSHealth_EventProcessorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSHealth_EventProcessorServiceRolePolicy", - "AWSIAMIdentityCenterAllowListForIdentityContext": "arn:aws:iam::aws:policy/AWSIAMIdentityCenterAllowListForIdentityContext", - "AWSIPAMServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSIPAMServiceRolePolicy", - "AWSIQContractServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSIQContractServiceRolePolicy", - "AWSIQFullAccess": "arn:aws:iam::aws:policy/AWSIQFullAccess", - "AWSIQPermissionServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSIQPermissionServiceRolePolicy", - "AWSIdentityCenterExternalManagementPolicy": "arn:aws:iam::aws:policy/service-role/AWSIdentityCenterExternalManagementPolicy", - "AWSIdentitySyncFullAccess": "arn:aws:iam::aws:policy/AWSIdentitySyncFullAccess", - "AWSIdentitySyncReadOnlyAccess": "arn:aws:iam::aws:policy/AWSIdentitySyncReadOnlyAccess", - "AWSImageBuilderFullAccess": "arn:aws:iam::aws:policy/AWSImageBuilderFullAccess", - "AWSImageBuilderReadOnlyAccess": "arn:aws:iam::aws:policy/AWSImageBuilderReadOnlyAccess", - "AWSImportExportFullAccess": "arn:aws:iam::aws:policy/AWSImportExportFullAccess", - "AWSImportExportReadOnlyAccess": "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess", - "AWSIncidentManagerIncidentAccessServiceRolePolicy": "arn:aws:iam::aws:policy/AWSIncidentManagerIncidentAccessServiceRolePolicy", - "AWSIncidentManagerResolverAccess": "arn:aws:iam::aws:policy/AWSIncidentManagerResolverAccess", - "AWSIncidentManagerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSIncidentManagerServiceRolePolicy", - "AWSIoTAnalyticsFullAccess": "arn:aws:iam::aws:policy/AWSIoTAnalyticsFullAccess", - "AWSIoTAnalyticsReadOnlyAccess": "arn:aws:iam::aws:policy/AWSIoTAnalyticsReadOnlyAccess", - "AWSIoTConfigAccess": "arn:aws:iam::aws:policy/AWSIoTConfigAccess", - "AWSIoTConfigReadOnlyAccess": "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess", - "AWSIoTDataAccess": "arn:aws:iam::aws:policy/AWSIoTDataAccess", - "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction", - "AWSIoTDeviceDefenderAudit": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAudit", - "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction", - "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction", - "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction", - "AWSIoTDeviceDefenderUpdateCACertMitigationAction": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateCACertMitigationAction", - "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction", - "AWSIoTDeviceTesterForFreeRTOSFullAccess": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForFreeRTOSFullAccess", - "AWSIoTDeviceTesterForGreengrassFullAccess": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForGreengrassFullAccess", - "AWSIoTEventsFullAccess": "arn:aws:iam::aws:policy/AWSIoTEventsFullAccess", - "AWSIoTEventsReadOnlyAccess": "arn:aws:iam::aws:policy/AWSIoTEventsReadOnlyAccess", - "AWSIoTFleetHubFederationAccess": "arn:aws:iam::aws:policy/service-role/AWSIoTFleetHubFederationAccess", - "AWSIoTFleetwiseServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSIoTFleetwiseServiceRolePolicy", - "AWSIoTFullAccess": "arn:aws:iam::aws:policy/AWSIoTFullAccess", - "AWSIoTLogging": "arn:aws:iam::aws:policy/service-role/AWSIoTLogging", - "AWSIoTManagedIntegrationsFullAccess": "arn:aws:iam::aws:policy/AWSIoTManagedIntegrationsFullAccess", - "AWSIoTManagedIntegrationsRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSIoTManagedIntegrationsRolePolicy", - "AWSIoTOTAUpdate": "arn:aws:iam::aws:policy/service-role/AWSIoTOTAUpdate", - "AWSIoTRuleActions": "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions", - "AWSIoTSiteWiseConsoleFullAccess": "arn:aws:iam::aws:policy/AWSIoTSiteWiseConsoleFullAccess", - "AWSIoTSiteWiseFullAccess": "arn:aws:iam::aws:policy/AWSIoTSiteWiseFullAccess", - "AWSIoTSiteWiseMonitorPortalAccess": "arn:aws:iam::aws:policy/service-role/AWSIoTSiteWiseMonitorPortalAccess", - "AWSIoTSiteWiseMonitorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSIoTSiteWiseMonitorServiceRolePolicy", - "AWSIoTSiteWiseReadOnlyAccess": "arn:aws:iam::aws:policy/AWSIoTSiteWiseReadOnlyAccess", - "AWSIoTThingsRegistration": "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration", - "AWSIoTTwinMakerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSIoTTwinMakerServiceRolePolicy", - "AWSIoTWirelessDataAccess": "arn:aws:iam::aws:policy/AWSIoTWirelessDataAccess", - "AWSIoTWirelessFullAccess": "arn:aws:iam::aws:policy/AWSIoTWirelessFullAccess", - "AWSIoTWirelessFullPublishAccess": "arn:aws:iam::aws:policy/AWSIoTWirelessFullPublishAccess", - "AWSIoTWirelessGatewayCertManager": "arn:aws:iam::aws:policy/AWSIoTWirelessGatewayCertManager", - "AWSIoTWirelessLogging": "arn:aws:iam::aws:policy/AWSIoTWirelessLogging", - "AWSIoTWirelessReadOnlyAccess": "arn:aws:iam::aws:policy/AWSIoTWirelessReadOnlyAccess", - "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy", - "AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy", - "AWSKeyManagementServicePowerUser": "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser", - "AWSLakeFormationCrossAccountManager": "arn:aws:iam::aws:policy/AWSLakeFormationCrossAccountManager", - "AWSLakeFormationDataAdmin": "arn:aws:iam::aws:policy/AWSLakeFormationDataAdmin", - "AWSLambdaBasicDurableExecutionRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicDurableExecutionRolePolicy", - "AWSLambdaBasicExecutionRole": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "AWSLambdaDynamoDBExecutionRole": "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", - "AWSLambdaENIManagementAccess": "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess", - "AWSLambdaExecute": "arn:aws:iam::aws:policy/AWSLambdaExecute", - "AWSLambdaInvocation-DynamoDB": "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB", - "AWSLambdaKinesisExecutionRole": "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", - "AWSLambdaMSKExecutionRole": "arn:aws:iam::aws:policy/service-role/AWSLambdaMSKExecutionRole", - "AWSLambdaManagedEC2ResourceOperator": "arn:aws:iam::aws:policy/AWSLambdaManagedEC2ResourceOperator", - "AWSLambdaReplicator": "arn:aws:iam::aws:policy/aws-service-role/AWSLambdaReplicator", - "AWSLambdaRole": "arn:aws:iam::aws:policy/service-role/AWSLambdaRole", - "AWSLambdaSQSQueueExecutionRole": "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", - "AWSLambdaServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSLambdaServiceRolePolicy", - "AWSLambdaVPCAccessExecutionRole": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - "AWSLambda_FullAccess": "arn:aws:iam::aws:policy/AWSLambda_FullAccess", - "AWSLambda_ReadOnlyAccess": "arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess", - "AWSLicenseManagerConsumptionPolicy": "arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy", - "AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy", - "AWSLicenseManagerMasterAccountRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMasterAccountRolePolicy", - "AWSLicenseManagerMemberAccountRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMemberAccountRolePolicy", - "AWSLicenseManagerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerServiceRolePolicy", - "AWSLicenseManagerUserSubscriptionsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerUserSubscriptionsServiceRolePolicy", - "AWSM2ServicePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSM2ServicePolicy", - "AWSMSKReplicatorExecutionRole": "arn:aws:iam::aws:policy/service-role/AWSMSKReplicatorExecutionRole", - "AWSManagedServicesDeploymentToolkitPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSManagedServicesDeploymentToolkitPolicy", - "AWSManagedServices_ContactsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSManagedServices_ContactsServiceRolePolicy", - "AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy", - "AWSManagedServices_EventsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSManagedServices_EventsServiceRolePolicy", - "AWSManagedServices_SelfServiceReporting_ServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSManagedServices_SelfServiceReporting_ServiceRolePolicy", - "AWSManagementConsoleAdministratorAccess": "arn:aws:iam::aws:policy/job-function/AWSManagementConsoleAdministratorAccess", - "AWSManagementConsoleBasicUserAccess": "arn:aws:iam::aws:policy/AWSManagementConsoleBasicUserAccess", - "AWSMarketplaceAmiIngestion": "arn:aws:iam::aws:policy/AWSMarketplaceAmiIngestion", - "AWSMarketplaceDeploymentServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceDeploymentServiceRolePolicy", - "AWSMarketplaceDiscoveryFullAccess": "arn:aws:iam::aws:policy/AWSMarketplaceDiscoveryFullAccess", - "AWSMarketplaceFullAccess": "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess", - "AWSMarketplaceGetEntitlements": "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements", - "AWSMarketplaceLicenseManagementServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceLicenseManagementServiceRolePolicy", - "AWSMarketplaceManageSubscriptions": "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions", - "AWSMarketplaceMeteringFullAccess": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess", - "AWSMarketplaceMeteringRegisterUsage": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage", - "AWSMarketplaceProcurementSystemAdminFullAccess": "arn:aws:iam::aws:policy/AWSMarketplaceProcurementSystemAdminFullAccess", - "AWSMarketplacePurchaseOrdersServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplacePurchaseOrdersServiceRolePolicy", - "AWSMarketplaceRead-only": "arn:aws:iam::aws:policy/AWSMarketplaceRead-only", - "AWSMarketplaceResaleAuthorizationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceResaleAuthorizationServiceRolePolicy", - "AWSMarketplaceSellerFullAccess": "arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccess", - "AWSMarketplaceSellerOfferManagement": "arn:aws:iam::aws:policy/AWSMarketplaceSellerOfferManagement", - "AWSMarketplaceSellerProductsFullAccess": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsFullAccess", - "AWSMarketplaceSellerProductsReadOnly": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsReadOnly", - "AWSMcpServiceActionsFullAccess": "arn:aws:iam::aws:policy/AWSMcpServiceActionsFullAccess", - "AWSMediaConnectServicePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSMediaConnectServicePolicy", - "AWSMediaLiveAnywhereServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSMediaLiveAnywhereServiceRolePolicy", - "AWSMediaTailorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSMediaTailorServiceRolePolicy", - "AWSMigrationHubDMSAccess": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDMSAccess", - "AWSMigrationHubDiscoveryAccess": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDiscoveryAccess", - "AWSMigrationHubFullAccess": "arn:aws:iam::aws:policy/AWSMigrationHubFullAccess", - "AWSMigrationHubOrchestratorConsoleFullAccess": "arn:aws:iam::aws:policy/AWSMigrationHubOrchestratorConsoleFullAccess", - "AWSMigrationHubOrchestratorInstanceRolePolicy": "arn:aws:iam::aws:policy/AWSMigrationHubOrchestratorInstanceRolePolicy", - "AWSMigrationHubOrchestratorPlugin": "arn:aws:iam::aws:policy/AWSMigrationHubOrchestratorPlugin", - "AWSMigrationHubOrchestratorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSMigrationHubOrchestratorServiceRolePolicy", - "AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess": "arn:aws:iam::aws:policy/AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess", - "AWSMigrationHubRefactorSpaces-SSMAutomationPolicy": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubRefactorSpaces-SSMAutomationPolicy", - "AWSMigrationHubRefactorSpacesFullAccess": "arn:aws:iam::aws:policy/AWSMigrationHubRefactorSpacesFullAccess", - "AWSMigrationHubRefactorSpacesServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSMigrationHubRefactorSpacesServiceRolePolicy", - "AWSMigrationHubSMSAccess": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubSMSAccess", - "AWSMigrationHubStrategyCollector": "arn:aws:iam::aws:policy/AWSMigrationHubStrategyCollector", - "AWSMigrationHubStrategyConsoleFullAccess": "arn:aws:iam::aws:policy/AWSMigrationHubStrategyConsoleFullAccess", - "AWSMigrationHubStrategyServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSMigrationHubStrategyServiceRolePolicy", - "AWSNATGatewayServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSNATGatewayServiceRolePolicy", - "AWSNetworkFirewallFullAccess": "arn:aws:iam::aws:policy/AWSNetworkFirewallFullAccess", - "AWSNetworkFirewallReadOnlyAccess": "arn:aws:iam::aws:policy/AWSNetworkFirewallReadOnlyAccess", - "AWSNetworkFirewallServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkFirewallServiceRolePolicy", - "AWSNetworkManagerCloudWANServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkManagerCloudWANServiceRolePolicy", - "AWSNetworkManagerFullAccess": "arn:aws:iam::aws:policy/AWSNetworkManagerFullAccess", - "AWSNetworkManagerReadOnlyAccess": "arn:aws:iam::aws:policy/AWSNetworkManagerReadOnlyAccess", - "AWSNetworkManagerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkManagerServiceRolePolicy", - "AWSObservabilityAdminLogsCentralizationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSObservabilityAdminLogsCentralizationServiceRolePolicy", - "AWSObservabilityAdminServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSObservabilityAdminServiceRolePolicy", - "AWSObservabilityAdminTelemetryEnablementServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSObservabilityAdminTelemetryEnablementServiceRolePolicy", - "AWSOrganizationsFullAccess": "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess", - "AWSOrganizationsReadOnlyAccess": "arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess", - "AWSOrganizationsServiceTrustPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy", - "AWSOutpostsAuthorizeServerPolicy": "arn:aws:iam::aws:policy/AWSOutpostsAuthorizeServerPolicy", - "AWSOutpostsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSOutpostsServiceRolePolicy", - "AWSPCSComputeNodePolicy": "arn:aws:iam::aws:policy/AWSPCSComputeNodePolicy", - "AWSPCSServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSPCSServiceRolePolicy", - "AWSPanoramaApplianceRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSPanoramaApplianceRolePolicy", - "AWSPanoramaApplianceServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSPanoramaApplianceServiceRolePolicy", - "AWSPanoramaFullAccess": "arn:aws:iam::aws:policy/AWSPanoramaFullAccess", - "AWSPanoramaGreengrassGroupRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSPanoramaGreengrassGroupRolePolicy", - "AWSPanoramaSageMakerRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSPanoramaSageMakerRolePolicy", - "AWSPanoramaServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSPanoramaServiceLinkedRolePolicy", - "AWSPanoramaServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AWSPanoramaServiceRolePolicy", - "AWSPartnerCentralChannelHandshakeApprovalManagement": "arn:aws:iam::aws:policy/AWSPartnerCentralChannelHandshakeApprovalManagement", - "AWSPartnerCentralChannelManagement": "arn:aws:iam::aws:policy/AWSPartnerCentralChannelManagement", - "AWSPartnerCentralFullAccess": "arn:aws:iam::aws:policy/AWSPartnerCentralFullAccess", - "AWSPartnerCentralMarketingManagement": "arn:aws:iam::aws:policy/AWSPartnerCentralMarketingManagement", - "AWSPartnerCentralOpportunityManagement": "arn:aws:iam::aws:policy/AWSPartnerCentralOpportunityManagement", - "AWSPartnerCentralSandboxFullAccess": "arn:aws:iam::aws:policy/AWSPartnerCentralSandboxFullAccess", - "AWSPartnerCentralSellingResourceSnapshotJobExecutionRolePolicy": "arn:aws:iam::aws:policy/AWSPartnerCentralSellingResourceSnapshotJobExecutionRolePolicy", - "AWSPartnerLedSupportReadOnlyAccess": "arn:aws:iam::aws:policy/AWSPartnerLedSupportReadOnlyAccess", - "AWSPartnerProServeToolsFullAccess": "arn:aws:iam::aws:policy/AWSPartnerProServeToolsFullAccess", - "AWSPartnerProServeToolsIndividualContributor": "arn:aws:iam::aws:policy/AWSPartnerProServeToolsIndividualContributor", - "AWSPartnerProServeToolsOrganizationReaderIndividualContributor": "arn:aws:iam::aws:policy/AWSPartnerProServeToolsOrganizationReaderIndividualContributor", - "AWSPriceListServiceFullAccess": "arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess", - "AWSPrivateCAAuditor": "arn:aws:iam::aws:policy/AWSPrivateCAAuditor", - "AWSPrivateCAConnectorForKubernetesPolicy": "arn:aws:iam::aws:policy/AWSPrivateCAConnectorForKubernetesPolicy", - "AWSPrivateCAFullAccess": "arn:aws:iam::aws:policy/AWSPrivateCAFullAccess", - "AWSPrivateCAPrivilegedUser": "arn:aws:iam::aws:policy/AWSPrivateCAPrivilegedUser", - "AWSPrivateCAReadOnly": "arn:aws:iam::aws:policy/AWSPrivateCAReadOnly", - "AWSPrivateCAUser": "arn:aws:iam::aws:policy/AWSPrivateCAUser", - "AWSPrivateMarketplaceAdminFullAccess": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceAdminFullAccess", - "AWSPrivateMarketplaceRequests": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceRequests", - "AWSPrivateNetworksServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSPrivateNetworksServiceRolePolicy", - "AWSProtonCodeBuildProvisioningBasicAccess": "arn:aws:iam::aws:policy/AWSProtonCodeBuildProvisioningBasicAccess", - "AWSProtonCodeBuildProvisioningServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSProtonCodeBuildProvisioningServiceRolePolicy", - "AWSProtonDeveloperAccess": "arn:aws:iam::aws:policy/AWSProtonDeveloperAccess", - "AWSProtonFullAccess": "arn:aws:iam::aws:policy/AWSProtonFullAccess", - "AWSProtonReadOnlyAccess": "arn:aws:iam::aws:policy/AWSProtonReadOnlyAccess", - "AWSProtonServiceGitSyncServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSProtonServiceGitSyncServiceRolePolicy", - "AWSProtonSyncServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSProtonSyncServiceRolePolicy", - "AWSPurchaseOrdersServiceRolePolicy": "arn:aws:iam::aws:policy/AWSPurchaseOrdersServiceRolePolicy", - "AWSQuickSetupCFGCPacksPermissionsBoundary": "arn:aws:iam::aws:policy/AWSQuickSetupCFGCPacksPermissionsBoundary", - "AWSQuickSetupDeploymentRolePolicy": "arn:aws:iam::aws:policy/AWSQuickSetupDeploymentRolePolicy", - "AWSQuickSetupDevOpsGuruPermissionsBoundary": "arn:aws:iam::aws:policy/AWSQuickSetupDevOpsGuruPermissionsBoundary", - "AWSQuickSetupDistributorPermissionsBoundary": "arn:aws:iam::aws:policy/AWSQuickSetupDistributorPermissionsBoundary", - "AWSQuickSetupEnableAREXExecutionPolicy": "arn:aws:iam::aws:policy/AWSQuickSetupEnableAREXExecutionPolicy", - "AWSQuickSetupEnableDHMCExecutionPolicy": "arn:aws:iam::aws:policy/AWSQuickSetupEnableDHMCExecutionPolicy", - "AWSQuickSetupJITNADeploymentRolePolicy": "arn:aws:iam::aws:policy/AWSQuickSetupJITNADeploymentRolePolicy", - "AWSQuickSetupManageJITNAResourcesExecutionPolicy": "arn:aws:iam::aws:policy/AWSQuickSetupManageJITNAResourcesExecutionPolicy", - "AWSQuickSetupManagedInstanceProfileExecutionPolicy": "arn:aws:iam::aws:policy/AWSQuickSetupManagedInstanceProfileExecutionPolicy", - "AWSQuickSetupPatchPolicyBaselineAccess": "arn:aws:iam::aws:policy/AWSQuickSetupPatchPolicyBaselineAccess", - "AWSQuickSetupPatchPolicyDeploymentRolePolicy": "arn:aws:iam::aws:policy/AWSQuickSetupPatchPolicyDeploymentRolePolicy", - "AWSQuickSetupPatchPolicyPermissionsBoundary": "arn:aws:iam::aws:policy/AWSQuickSetupPatchPolicyPermissionsBoundary", - "AWSQuickSetupSSMDeploymentRolePolicy": "arn:aws:iam::aws:policy/AWSQuickSetupSSMDeploymentRolePolicy", - "AWSQuickSetupSSMDeploymentS3BucketRolePolicy": "arn:aws:iam::aws:policy/AWSQuickSetupSSMDeploymentS3BucketRolePolicy", - "AWSQuickSetupSSMHostMgmtPermissionsBoundary": "arn:aws:iam::aws:policy/AWSQuickSetupSSMHostMgmtPermissionsBoundary", - "AWSQuickSetupSSMLifecycleManagementExecutionPolicy": "arn:aws:iam::aws:policy/AWSQuickSetupSSMLifecycleManagementExecutionPolicy", - "AWSQuickSetupSSMManageResourcesExecutionPolicy": "arn:aws:iam::aws:policy/AWSQuickSetupSSMManageResourcesExecutionPolicy", - "AWSQuickSetupSchedulerPermissionsBoundary": "arn:aws:iam::aws:policy/AWSQuickSetupSchedulerPermissionsBoundary", - "AWSQuickSetupStartSSMAssociationsExecutionPolicy": "arn:aws:iam::aws:policy/AWSQuickSetupStartSSMAssociationsExecutionPolicy", - "AWSQuickSetupStartStopInstancesExecutionPolicy": "arn:aws:iam::aws:policy/AWSQuickSetupStartStopInstancesExecutionPolicy", - "AWSQuickSightAssetBundleExportPolicy": "arn:aws:iam::aws:policy/AWSQuickSightAssetBundleExportPolicy", - "AWSQuickSightAssetBundleImportPolicy": "arn:aws:iam::aws:policy/AWSQuickSightAssetBundleImportPolicy", - "AWSQuickSightDescribeRDS": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS", - "AWSQuickSightDescribeRedshift": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift", - "AWSQuickSightElasticsearchPolicy": "arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy", - "AWSQuickSightIoTAnalyticsAccess": "arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess", - "AWSQuickSightListIAM": "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM", - "AWSQuickSightSageMakerPolicy": "arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy", - "AWSQuickSightSecretsManagerWriteAccess": "arn:aws:iam::aws:policy/service-role/AWSQuickSightSecretsManagerWriteAccess", - "AWSQuickSightSecretsManagerWritePolicy": "arn:aws:iam::aws:policy/AWSQuickSightSecretsManagerWritePolicy", - "AWSQuickSightTimestreamPolicy": "arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy", - "AWSQuicksightAthenaAccess": "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess", - "AWSQuicksightOpenSearchPolicy": "arn:aws:iam::aws:policy/service-role/AWSQuicksightOpenSearchPolicy", - "AWSReachabilityAnalyzerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSReachabilityAnalyzerServiceRolePolicy", - "AWSRefactoringToolkitFullAccess": "arn:aws:iam::aws:policy/AWSRefactoringToolkitFullAccess", - "AWSRefactoringToolkitSidecarPolicy": "arn:aws:iam::aws:policy/AWSRefactoringToolkitSidecarPolicy", - "AWSRepostSpaceSupportOperationsPolicy": "arn:aws:iam::aws:policy/AWSRepostSpaceSupportOperationsPolicy", - "AWSResilienceHubAsssessmentExecutionPolicy": "arn:aws:iam::aws:policy/AWSResilienceHubAsssessmentExecutionPolicy", - "AWSResourceAccessManagerFullAccess": "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess", - "AWSResourceAccessManagerReadOnlyAccess": "arn:aws:iam::aws:policy/AWSResourceAccessManagerReadOnlyAccess", - "AWSResourceAccessManagerResourceShareParticipantAccess": "arn:aws:iam::aws:policy/AWSResourceAccessManagerResourceShareParticipantAccess", - "AWSResourceAccessManagerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceAccessManagerServiceRolePolicy", - "AWSResourceExplorerFullAccess": "arn:aws:iam::aws:policy/AWSResourceExplorerFullAccess", - "AWSResourceExplorerOrganizationsAccess": "arn:aws:iam::aws:policy/AWSResourceExplorerOrganizationsAccess", - "AWSResourceExplorerReadOnlyAccess": "arn:aws:iam::aws:policy/AWSResourceExplorerReadOnlyAccess", - "AWSResourceExplorerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy", - "AWSResourceGroupsReadOnlyAccess": "arn:aws:iam::aws:policy/AWSResourceGroupsReadOnlyAccess", - "AWSRoboMakerReadOnlyAccess": "arn:aws:iam::aws:policy/AWSRoboMakerReadOnlyAccess", - "AWSRoboMakerServicePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSRoboMakerServicePolicy", - "AWSRoboMakerServiceRolePolicy": "arn:aws:iam::aws:policy/AWSRoboMakerServiceRolePolicy", - "AWSRoboMaker_FullAccess": "arn:aws:iam::aws:policy/AWSRoboMaker_FullAccess", - "AWSRolesAnywhereFullAccess": "arn:aws:iam::aws:policy/AWSRolesAnywhereFullAccess", - "AWSRolesAnywhereReadOnly": "arn:aws:iam::aws:policy/AWSRolesAnywhereReadOnly", - "AWSRolesAnywhereServicePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSRolesAnywhereServicePolicy", - "AWSS3OnOutpostsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSS3OnOutpostsServiceRolePolicy", - "AWSSSMForSAPServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSSMForSAPServiceLinkedRolePolicy", - "AWSSSMOpsInsightsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSSMOpsInsightsServiceRolePolicy", - "AWSSSODirectoryAdministrator": "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator", - "AWSSSODirectoryReadOnly": "arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly", - "AWSSSOMasterAccountAdministrator": "arn:aws:iam::aws:policy/AWSSSOMasterAccountAdministrator", - "AWSSSOMemberAccountAdministrator": "arn:aws:iam::aws:policy/AWSSSOMemberAccountAdministrator", - "AWSSSOReadOnly": "arn:aws:iam::aws:policy/AWSSSOReadOnly", - "AWSSSOServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy", - "AWSSavingsPlansFullAccess": "arn:aws:iam::aws:policy/AWSSavingsPlansFullAccess", - "AWSSavingsPlansReadOnlyAccess": "arn:aws:iam::aws:policy/AWSSavingsPlansReadOnlyAccess", - "AWSSecretsManagerClientReadOnlyAccess": "arn:aws:iam::aws:policy/AWSSecretsManagerClientReadOnlyAccess", - "AWSSecurityAgentWebAppPolicy": "arn:aws:iam::aws:policy/service-role/AWSSecurityAgentWebAppPolicy", - "AWSSecurityHubFullAccess": "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess", - "AWSSecurityHubOrganizationsAccess": "arn:aws:iam::aws:policy/AWSSecurityHubOrganizationsAccess", - "AWSSecurityHubReadOnlyAccess": "arn:aws:iam::aws:policy/AWSSecurityHubReadOnlyAccess", - "AWSSecurityHubServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy", - "AWSSecurityHubV2ServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubV2ServiceRolePolicy", - "AWSSecurityIncidentResponseCaseFullAccess": "arn:aws:iam::aws:policy/AWSSecurityIncidentResponseCaseFullAccess", - "AWSSecurityIncidentResponseFullAccess": "arn:aws:iam::aws:policy/AWSSecurityIncidentResponseFullAccess", - "AWSSecurityIncidentResponseReadOnlyAccess": "arn:aws:iam::aws:policy/AWSSecurityIncidentResponseReadOnlyAccess", - "AWSSecurityIncidentResponseServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityIncidentResponseServiceRolePolicy", - "AWSSecurityIncidentResponseTriageServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityIncidentResponseTriageServiceRolePolicy", - "AWSServiceCatalogAdminFullAccess": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminFullAccess", - "AWSServiceCatalogAdminReadOnlyAccess": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminReadOnlyAccess", - "AWSServiceCatalogAppRegistryFullAccess": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryFullAccess", - "AWSServiceCatalogAppRegistryReadOnlyAccess": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryReadOnlyAccess", - "AWSServiceCatalogAppRegistryServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceCatalogAppRegistryServiceRolePolicy", - "AWSServiceCatalogEndUserFullAccess": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess", - "AWSServiceCatalogEndUserReadOnlyAccess": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserReadOnlyAccess", - "AWSServiceCatalogOrgsDataSyncServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceCatalogOrgsDataSyncServiceRolePolicy", - "AWSServiceCatalogSyncServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceCatalogSyncServiceRolePolicy", - "AWSServiceRoleForAIDevOpsPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAIDevOpsPolicy", - "AWSServiceRoleForAWSTransform": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAWSTransform", - "AWSServiceRoleForAWSTransformCustom": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAWSTransformCustom", - "AWSServiceRoleForAmazonEKSNodegroup": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup", - "AWSServiceRoleForAmazonQDeveloper": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonQDeveloper", - "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy", - "AWSServiceRoleForCloudWatchMetrics_DbPerfInsightsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCloudWatchMetrics_DbPerfInsightsServiceRolePolicy", - "AWSServiceRoleForCodeGuru-Profiler": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeGuru-Profiler", - "AWSServiceRoleForCodeWhispererPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeWhispererPolicy", - "AWSServiceRoleForEC2ScheduledInstances": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForEC2ScheduledInstances", - "AWSServiceRoleForGroundStationDataflowEndpointGroupPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForGroundStationDataflowEndpointGroupPolicy", - "AWSServiceRoleForImageBuilder": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder", - "AWSServiceRoleForIoTSiteWise": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForIoTSiteWise", - "AWSServiceRoleForLogDeliveryPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForLogDeliveryPolicy", - "AWSServiceRoleForMonitronPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForMonitronPolicy", - "AWSServiceRoleForNeptuneGraphPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForNeptuneGraphPolicy", - "AWSServiceRoleForPrivateMarketplaceAdminPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForPrivateMarketplaceAdminPolicy", - "AWSServiceRoleForProcurementInsightsPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForProcurementInsightsPolicy", - "AWSServiceRoleForSMS": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForSMS", - "AWSServiceRoleForUserSubscriptions": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForUserSubscriptions", - "AWSServiceRolePolicyForBackupReports": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRolePolicyForBackupReports", - "AWSServiceRolePolicyForBackupRestoreTesting": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRolePolicyForBackupRestoreTesting", - "AWSServiceRolePolicyForWorkspacesInstances": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRolePolicyForWorkspacesInstances", - "AWSShieldDRTAccessPolicy": "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy", - "AWSShieldServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSShieldServiceRolePolicy", - "AWSSocialMessagingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSocialMessagingServiceRolePolicy", - "AWSStepFunctionsConsoleFullAccess": "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess", - "AWSStepFunctionsFullAccess": "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess", - "AWSStepFunctionsReadOnlyAccess": "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess", - "AWSStorageGatewayFullAccess": "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess", - "AWSStorageGatewayReadOnlyAccess": "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess", - "AWSStorageGatewayServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSStorageGatewayServiceRolePolicy", - "AWSSupplyChainFederationAdminAccess": "arn:aws:iam::aws:policy/service-role/AWSSupplyChainFederationAdminAccess", - "AWSSupportAccess": "arn:aws:iam::aws:policy/AWSSupportAccess", - "AWSSupportAppFullAccess": "arn:aws:iam::aws:policy/AWSSupportAppFullAccess", - "AWSSupportAppReadOnlyAccess": "arn:aws:iam::aws:policy/AWSSupportAppReadOnlyAccess", - "AWSSupportPlansFullAccess": "arn:aws:iam::aws:policy/AWSSupportPlansFullAccess", - "AWSSupportPlansReadOnlyAccess": "arn:aws:iam::aws:policy/AWSSupportPlansReadOnlyAccess", - "AWSSupportServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", - "AWSSystemsManagerAccountDiscoveryServicePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy", - "AWSSystemsManagerChangeManagementServicePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerChangeManagementServicePolicy", - "AWSSystemsManagerEnableConfigRecordingExecutionPolicy": "arn:aws:iam::aws:policy/AWSSystemsManagerEnableConfigRecordingExecutionPolicy", - "AWSSystemsManagerEnableExplorerExecutionPolicy": "arn:aws:iam::aws:policy/AWSSystemsManagerEnableExplorerExecutionPolicy", - "AWSSystemsManagerForSAPFullAccess": "arn:aws:iam::aws:policy/AWSSystemsManagerForSAPFullAccess", - "AWSSystemsManagerForSAPReadOnlyAccess": "arn:aws:iam::aws:policy/AWSSystemsManagerForSAPReadOnlyAccess", - "AWSSystemsManagerJustInTimeAccessServicePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerJustInTimeAccessServicePolicy", - "AWSSystemsManagerJustInTimeAccessTokenPolicy": "arn:aws:iam::aws:policy/AWSSystemsManagerJustInTimeAccessTokenPolicy", - "AWSSystemsManagerJustInTimeAccessTokenSessionPolicy": "arn:aws:iam::aws:policy/AWSSystemsManagerJustInTimeAccessTokenSessionPolicy", - "AWSSystemsManagerJustInTimeNodeAccessRolePropagationPolicy": "arn:aws:iam::aws:policy/AWSSystemsManagerJustInTimeNodeAccessRolePropagationPolicy", - "AWSSystemsManagerNotificationsServicePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerNotificationsServicePolicy", - "AWSSystemsManagerOpsDataSyncServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerOpsDataSyncServiceRolePolicy", - "AWSThinkboxAWSPortalAdminPolicy": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalAdminPolicy", - "AWSThinkboxAWSPortalGatewayPolicy": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalGatewayPolicy", - "AWSThinkboxAWSPortalWorkerPolicy": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalWorkerPolicy", - "AWSThinkboxAssetServerPolicy": "arn:aws:iam::aws:policy/AWSThinkboxAssetServerPolicy", - "AWSThinkboxDeadlineResourceTrackerAccessPolicy": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAccessPolicy", - "AWSThinkboxDeadlineResourceTrackerAdminPolicy": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAdminPolicy", - "AWSThinkboxDeadlineSpotEventPluginAdminPolicy": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginAdminPolicy", - "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginWorkerPolicy", - "AWSTransferConsoleFullAccess": "arn:aws:iam::aws:policy/AWSTransferConsoleFullAccess", - "AWSTransferFullAccess": "arn:aws:iam::aws:policy/AWSTransferFullAccess", - "AWSTransferLoggingAccess": "arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess", - "AWSTransferReadOnlyAccess": "arn:aws:iam::aws:policy/AWSTransferReadOnlyAccess", - "AWSTransformApplicationDeploymentPolicy": "arn:aws:iam::aws:policy/service-role/AWSTransformApplicationDeploymentPolicy", - "AWSTransformApplicationECSDeploymentPolicy": "arn:aws:iam::aws:policy/service-role/AWSTransformApplicationECSDeploymentPolicy", - "AWSTransformCustomExecuteTransformations": "arn:aws:iam::aws:policy/AWSTransformCustomExecuteTransformations", - "AWSTransformCustomFullAccess": "arn:aws:iam::aws:policy/AWSTransformCustomFullAccess", - "AWSTransformCustomManageTransformations": "arn:aws:iam::aws:policy/AWSTransformCustomManageTransformations", - "AWSTransformSecretsManagerConnectorPolicy": "arn:aws:iam::aws:policy/AWSTransformSecretsManagerConnectorPolicy", - "AWSTrustedAdvisorPriorityFullAccess": "arn:aws:iam::aws:policy/AWSTrustedAdvisorPriorityFullAccess", - "AWSTrustedAdvisorPriorityReadOnlyAccess": "arn:aws:iam::aws:policy/AWSTrustedAdvisorPriorityReadOnlyAccess", - "AWSTrustedAdvisorReportingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorReportingServiceRolePolicy", - "AWSTrustedAdvisorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", - "AWSUserAttributeCostAllocationPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSUserAttributeCostAllocationPolicy", - "AWSUserNotificationsServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSUserNotificationsServiceLinkedRolePolicy", - "AWSVPCFlowLogsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCFlowLogsServiceRolePolicy", - "AWSVPCS2SVpnServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCS2SVpnServiceRolePolicy", - "AWSVPCTransitGatewayServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCTransitGatewayServiceRolePolicy", - "AWSVPCVerifiedAccessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCVerifiedAccessServiceRolePolicy", - "AWSVendorInsightsAssessorFullAccess": "arn:aws:iam::aws:policy/AWSVendorInsightsAssessorFullAccess", - "AWSVendorInsightsAssessorReadOnly": "arn:aws:iam::aws:policy/AWSVendorInsightsAssessorReadOnly", - "AWSVendorInsightsVendorFullAccess": "arn:aws:iam::aws:policy/AWSVendorInsightsVendorFullAccess", - "AWSVendorInsightsVendorReadOnly": "arn:aws:iam::aws:policy/AWSVendorInsightsVendorReadOnly", - "AWSVpcLatticeServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSVpcLatticeServiceRolePolicy", - "AWSWAFConsoleFullAccess": "arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess", - "AWSWAFConsoleReadOnlyAccess": "arn:aws:iam::aws:policy/AWSWAFConsoleReadOnlyAccess", - "AWSWAFFullAccess": "arn:aws:iam::aws:policy/AWSWAFFullAccess", - "AWSWAFReadOnlyAccess": "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess", - "AWSWellArchitectedDiscoveryServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSWellArchitectedDiscoveryServiceRolePolicy", - "AWSWellArchitectedOrganizationsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSWellArchitectedOrganizationsServiceRolePolicy", - "AWSWickrFullAccess": "arn:aws:iam::aws:policy/AWSWickrFullAccess", - "AWSXRayDaemonWriteAccess": "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess", - "AWSXrayCrossAccountSharingConfiguration": "arn:aws:iam::aws:policy/AWSXrayCrossAccountSharingConfiguration", - "AWSXrayFullAccess": "arn:aws:iam::aws:policy/AWSXrayFullAccess", - "AWSXrayReadOnlyAccess": "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess", - "AWSXrayWriteOnlyAccess": "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess", - "AWSZonalAutoshiftPracticeRunSLRPolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSZonalAutoshiftPracticeRunSLRPolicy", - "AWSZoneGroupAccessManagementServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AWSZoneGroupAccessManagementServiceRolePolicy", - "AWS_ConfigRole": "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole", - "AWSrePostPrivateCloudWatchAccess": "arn:aws:iam::aws:policy/aws-service-role/AWSrePostPrivateCloudWatchAccess", - "AccessAnalyzerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy", - "AccountManagementFromVercel": "arn:aws:iam::aws:policy/AccountManagementFromVercel", - "AdministratorAccess": "arn:aws:iam::aws:policy/AdministratorAccess", - "AdministratorAccess-AWSElasticBeanstalk": "arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk", - "AdministratorAccess-Amplify": "arn:aws:iam::aws:policy/AdministratorAccess-Amplify", - "AlexaForBusinessDeviceSetup": "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup", - "AlexaForBusinessFullAccess": "arn:aws:iam::aws:policy/AlexaForBusinessFullAccess", - "AlexaForBusinessGatewayExecution": "arn:aws:iam::aws:policy/AlexaForBusinessGatewayExecution", - "AlexaForBusinessLifesizeDelegatedAccessPolicy": "arn:aws:iam::aws:policy/AlexaForBusinessLifesizeDelegatedAccessPolicy", - "AlexaForBusinessNetworkProfileServicePolicy": "arn:aws:iam::aws:policy/aws-service-role/AlexaForBusinessNetworkProfileServicePolicy", - "AlexaForBusinessPolyDelegatedAccessPolicy": "arn:aws:iam::aws:policy/AlexaForBusinessPolyDelegatedAccessPolicy", - "AlexaForBusinessReadOnlyAccess": "arn:aws:iam::aws:policy/AlexaForBusinessReadOnlyAccess", - "AmazonAPIGatewayAdministrator": "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator", - "AmazonAPIGatewayInvokeFullAccess": "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess", - "AmazonAPIGatewayPushToCloudWatchLogs": "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", - "AmazonAppFlowFullAccess": "arn:aws:iam::aws:policy/AmazonAppFlowFullAccess", - "AmazonAppFlowReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonAppFlowReadOnlyAccess", - "AmazonAppStreamFullAccess": "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess", - "AmazonAppStreamPCAAccess": "arn:aws:iam::aws:policy/service-role/AmazonAppStreamPCAAccess", - "AmazonAppStreamReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess", - "AmazonAppStreamServiceAccess": "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess", - "AmazonApplicationRecoveryControllerRegionSwitchPlanExecutionPolicy": "arn:aws:iam::aws:policy/AmazonApplicationRecoveryControllerRegionSwitchPlanExecutionPolicy", - "AmazonAthenaFullAccess": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess", - "AmazonAthenaServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonAthenaServiceRolePolicy", - "AmazonAugmentedAIFullAccess": "arn:aws:iam::aws:policy/AmazonAugmentedAIFullAccess", - "AmazonAugmentedAIHumanLoopFullAccess": "arn:aws:iam::aws:policy/AmazonAugmentedAIHumanLoopFullAccess", - "AmazonAugmentedAIIntegratedAPIAccess": "arn:aws:iam::aws:policy/AmazonAugmentedAIIntegratedAPIAccess", - "AmazonAuroraDSQLConsoleFullAccess": "arn:aws:iam::aws:policy/AmazonAuroraDSQLConsoleFullAccess", - "AmazonAuroraDSQLFullAccess": "arn:aws:iam::aws:policy/AmazonAuroraDSQLFullAccess", - "AmazonAuroraDSQLReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonAuroraDSQLReadOnlyAccess", - "AmazonBedrockAgentCoreMemoryBedrockModelInferenceExecutionRolePolicy": "arn:aws:iam::aws:policy/AmazonBedrockAgentCoreMemoryBedrockModelInferenceExecutionRolePolicy", - "AmazonBedrockFullAccess": "arn:aws:iam::aws:policy/AmazonBedrockFullAccess", - "AmazonBedrockLimitedAccess": "arn:aws:iam::aws:policy/AmazonBedrockLimitedAccess", - "AmazonBedrockMantleFullAccess": "arn:aws:iam::aws:policy/AmazonBedrockMantleFullAccess", - "AmazonBedrockMantleInferenceAccess": "arn:aws:iam::aws:policy/AmazonBedrockMantleInferenceAccess", - "AmazonBedrockMantleReadOnly": "arn:aws:iam::aws:policy/AmazonBedrockMantleReadOnly", - "AmazonBedrockMarketplaceAccess": "arn:aws:iam::aws:policy/AmazonBedrockMarketplaceAccess", - "AmazonBedrockReadOnly": "arn:aws:iam::aws:policy/AmazonBedrockReadOnly", - "AmazonBedrockStudioPermissionsBoundary": "arn:aws:iam::aws:policy/AmazonBedrockStudioPermissionsBoundary", - "AmazonBraketFullAccess": "arn:aws:iam::aws:policy/AmazonBraketFullAccess", - "AmazonBraketJobsExecutionPolicy": "arn:aws:iam::aws:policy/AmazonBraketJobsExecutionPolicy", - "AmazonBraketServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonBraketServiceRolePolicy", - "AmazonChimeFullAccess": "arn:aws:iam::aws:policy/AmazonChimeFullAccess", - "AmazonChimeReadOnly": "arn:aws:iam::aws:policy/AmazonChimeReadOnly", - "AmazonChimeSDK": "arn:aws:iam::aws:policy/AmazonChimeSDK", - "AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy", - "AmazonChimeSDKMessagingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeSDKMessagingServiceRolePolicy", - "AmazonChimeServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeServiceRolePolicy", - "AmazonChimeTranscriptionServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeTranscriptionServiceLinkedRolePolicy", - "AmazonChimeUserManagement": "arn:aws:iam::aws:policy/AmazonChimeUserManagement", - "AmazonChimeVoiceConnectorServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeVoiceConnectorServiceLinkedRolePolicy", - "AmazonCloudDirectoryFullAccess": "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess", - "AmazonCloudDirectoryReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess", - "AmazonCloudWatchEvidentlyFullAccess": "arn:aws:iam::aws:policy/AmazonCloudWatchEvidentlyFullAccess", - "AmazonCloudWatchEvidentlyReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonCloudWatchEvidentlyReadOnlyAccess", - "AmazonCloudWatchEvidentlyServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonCloudWatchEvidentlyServiceRolePolicy", - "AmazonCloudWatchRUMFullAccess": "arn:aws:iam::aws:policy/AmazonCloudWatchRUMFullAccess", - "AmazonCloudWatchRUMReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonCloudWatchRUMReadOnlyAccess", - "AmazonCloudWatchRUMServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonCloudWatchRUMServiceRolePolicy", - "AmazonCodeCatalystFullAccess": "arn:aws:iam::aws:policy/AmazonCodeCatalystFullAccess", - "AmazonCodeCatalystReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonCodeCatalystReadOnlyAccess", - "AmazonCodeCatalystSupportAccess": "arn:aws:iam::aws:policy/service-role/AmazonCodeCatalystSupportAccess", - "AmazonCodeGuruProfilerAgentAccess": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerAgentAccess", - "AmazonCodeGuruProfilerFullAccess": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerFullAccess", - "AmazonCodeGuruProfilerReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerReadOnlyAccess", - "AmazonCodeGuruReviewerFullAccess": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerFullAccess", - "AmazonCodeGuruReviewerReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerReadOnlyAccess", - "AmazonCodeGuruReviewerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonCodeGuruReviewerServiceRolePolicy", - "AmazonCodeGuruSecurityFullAccess": "arn:aws:iam::aws:policy/AmazonCodeGuruSecurityFullAccess", - "AmazonCodeGuruSecurityScanAccess": "arn:aws:iam::aws:policy/AmazonCodeGuruSecurityScanAccess", - "AmazonCognitoDeveloperAuthenticatedIdentities": "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities", - "AmazonCognitoIdpEmailServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpEmailServiceRolePolicy", - "AmazonCognitoIdpServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpServiceRolePolicy", - "AmazonCognitoPowerUser": "arn:aws:iam::aws:policy/AmazonCognitoPowerUser", - "AmazonCognitoReadOnly": "arn:aws:iam::aws:policy/AmazonCognitoReadOnly", - "AmazonCognitoUnAuthedIdentitiesSessionPolicy": "arn:aws:iam::aws:policy/AmazonCognitoUnAuthedIdentitiesSessionPolicy", - "AmazonCognitoUnauthenticatedIdentities": "arn:aws:iam::aws:policy/AmazonCognitoUnauthenticatedIdentities", - "AmazonConnectCampaignsServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectCampaignsServiceLinkedRolePolicy", - "AmazonConnectReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonConnectReadOnlyAccess", - "AmazonConnectServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy", - "AmazonConnectSynchronizationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectSynchronizationServiceRolePolicy", - "AmazonConnectVoiceIDFullAccess": "arn:aws:iam::aws:policy/AmazonConnectVoiceIDFullAccess", - "AmazonConnect_FullAccess": "arn:aws:iam::aws:policy/AmazonConnect_FullAccess", - "AmazonDMSCloudWatchLogsRole": "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole", - "AmazonDMSRedshiftS3Role": "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role", - "AmazonDMSVPCManagementRole": "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole", - "AmazonDRSVPCManagement": "arn:aws:iam::aws:policy/AmazonDRSVPCManagement", - "AmazonDataZoneBedrockModelConsumptionPolicy": "arn:aws:iam::aws:policy/service-role/AmazonDataZoneBedrockModelConsumptionPolicy", - "AmazonDataZoneBedrockModelManagementPolicy": "arn:aws:iam::aws:policy/service-role/AmazonDataZoneBedrockModelManagementPolicy", - "AmazonDataZoneDomainExecutionRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonDataZoneDomainExecutionRolePolicy", - "AmazonDataZoneEnvironmentRolePermissionsBoundary": "arn:aws:iam::aws:policy/AmazonDataZoneEnvironmentRolePermissionsBoundary", - "AmazonDataZoneFullAccess": "arn:aws:iam::aws:policy/AmazonDataZoneFullAccess", - "AmazonDataZoneFullUserAccess": "arn:aws:iam::aws:policy/AmazonDataZoneFullUserAccess", - "AmazonDataZoneGlueManageAccessRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonDataZoneGlueManageAccessRolePolicy", - "AmazonDataZoneRedshiftGlueProvisioningPolicy": "arn:aws:iam::aws:policy/AmazonDataZoneRedshiftGlueProvisioningPolicy", - "AmazonDataZoneRedshiftManageAccessRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonDataZoneRedshiftManageAccessRolePolicy", - "AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary": "arn:aws:iam::aws:policy/AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary", - "AmazonDataZoneSageMakerManageAccessRolePolicy": "arn:aws:iam::aws:policy/AmazonDataZoneSageMakerManageAccessRolePolicy", - "AmazonDataZoneSageMakerProvisioningRolePolicy": "arn:aws:iam::aws:policy/AmazonDataZoneSageMakerProvisioningRolePolicy", - "AmazonDetectiveFullAccess": "arn:aws:iam::aws:policy/AmazonDetectiveFullAccess", - "AmazonDetectiveInvestigatorAccess": "arn:aws:iam::aws:policy/AmazonDetectiveInvestigatorAccess", - "AmazonDetectiveMemberAccess": "arn:aws:iam::aws:policy/AmazonDetectiveMemberAccess", - "AmazonDetectiveOrganizationsAccess": "arn:aws:iam::aws:policy/AmazonDetectiveOrganizationsAccess", - "AmazonDetectiveServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonDetectiveServiceLinkedRolePolicy", - "AmazonDevOpsGuruConsoleFullAccess": "arn:aws:iam::aws:policy/AmazonDevOpsGuruConsoleFullAccess", - "AmazonDevOpsGuruFullAccess": "arn:aws:iam::aws:policy/AmazonDevOpsGuruFullAccess", - "AmazonDevOpsGuruOrganizationsAccess": "arn:aws:iam::aws:policy/AmazonDevOpsGuruOrganizationsAccess", - "AmazonDevOpsGuruReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonDevOpsGuruReadOnlyAccess", - "AmazonDevOpsGuruServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy", - "AmazonDocDB-ElasticServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonDocDB-ElasticServiceRolePolicy", - "AmazonDocDBConsoleFullAccess": "arn:aws:iam::aws:policy/AmazonDocDBConsoleFullAccess", - "AmazonDocDBElasticFullAccess": "arn:aws:iam::aws:policy/AmazonDocDBElasticFullAccess", - "AmazonDocDBElasticReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonDocDBElasticReadOnlyAccess", - "AmazonDocDBFullAccess": "arn:aws:iam::aws:policy/AmazonDocDBFullAccess", - "AmazonDocDBReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonDocDBReadOnlyAccess", - "AmazonDynamoDBFullAccess": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess", - "AmazonDynamoDBFullAccess_v2": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess_v2", - "AmazonDynamoDBFullAccesswithDataPipeline": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline", - "AmazonDynamoDBReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess", - "AmazonEBSCSIDriverEKSClusterScopedPolicy": "arn:aws:iam::aws:policy/AmazonEBSCSIDriverEKSClusterScopedPolicy", - "AmazonEBSCSIDriverPolicy": "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", - "AmazonEBSCSIDriverPolicyV2": "arn:aws:iam::aws:policy/AmazonEBSCSIDriverPolicyV2", - "AmazonEC2ContainerRegistryFullAccess": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess", - "AmazonEC2ContainerRegistryPowerUser": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser", - "AmazonEC2ContainerRegistryPullOnly": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly", - "AmazonEC2ContainerRegistryReadOnly": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", - "AmazonEC2ContainerServiceAutoscaleRole": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole", - "AmazonEC2ContainerServiceEventsRole": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceEventsRole", - "AmazonEC2ContainerServiceRole": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole", - "AmazonEC2ContainerServiceforEC2Role": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", - "AmazonEC2FullAccess": "arn:aws:iam::aws:policy/AmazonEC2FullAccess", - "AmazonEC2ImageReferencesAccessPolicy": "arn:aws:iam::aws:policy/AmazonEC2ImageReferencesAccessPolicy", - "AmazonEC2ReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess", - "AmazonEC2RolePolicyForLaunchWizard": "arn:aws:iam::aws:policy/AmazonEC2RolePolicyForLaunchWizard", - "AmazonEC2RoleforAWSCodeDeploy": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy", - "AmazonEC2RoleforAWSCodeDeployLimited": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeployLimited", - "AmazonEC2RoleforDataPipelineRole": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole", - "AmazonEC2RoleforSSM": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM", - "AmazonEC2SpotFleetAutoscaleRole": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole", - "AmazonEC2SpotFleetTaggingRole": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole", - "AmazonECSComputeServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonECSComputeServiceRolePolicy", - "AmazonECSInfrastructureRolePolicyForLoadBalancers": "arn:aws:iam::aws:policy/AmazonECSInfrastructureRolePolicyForLoadBalancers", - "AmazonECSInfrastructureRolePolicyForManagedInstances": "arn:aws:iam::aws:policy/AmazonECSInfrastructureRolePolicyForManagedInstances", - "AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity": "arn:aws:iam::aws:policy/service-role/AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity", - "AmazonECSInfrastructureRolePolicyForVolumes": "arn:aws:iam::aws:policy/service-role/AmazonECSInfrastructureRolePolicyForVolumes", - "AmazonECSInfrastructureRolePolicyForVpcLattice": "arn:aws:iam::aws:policy/AmazonECSInfrastructureRolePolicyForVpcLattice", - "AmazonECSInfrastructureRoleforExpressGatewayServices": "arn:aws:iam::aws:policy/service-role/AmazonECSInfrastructureRoleforExpressGatewayServices", - "AmazonECSInstanceRolePolicyForManagedInstances": "arn:aws:iam::aws:policy/AmazonECSInstanceRolePolicyForManagedInstances", - "AmazonECSServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy", - "AmazonECSTaskExecutionRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", - "AmazonECS_FullAccess": "arn:aws:iam::aws:policy/AmazonECS_FullAccess", - "AmazonEFSCSIDriverPolicy": "arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy", - "AmazonEKSBlockStoragePolicy": "arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy", - "AmazonEKSBlockStoragePolicyV2": "arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicyV2", - "AmazonEKSClusterPolicy": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", - "AmazonEKSComputePolicy": "arn:aws:iam::aws:policy/AmazonEKSComputePolicy", - "AmazonEKSConnectorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSConnectorServiceRolePolicy", - "AmazonEKSDashboardConsoleReadOnly": "arn:aws:iam::aws:policy/AmazonEKSDashboardConsoleReadOnly", - "AmazonEKSDashboardServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSDashboardServiceRolePolicy", - "AmazonEKSFargatePodExecutionRolePolicy": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy", - "AmazonEKSForFargateServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy", - "AmazonEKSLoadBalancingPolicy": "arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy", - "AmazonEKSLocalOutpostClusterPolicy": "arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy", - "AmazonEKSLocalOutpostServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSLocalOutpostServiceRolePolicy", - "AmazonEKSMCPReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonEKSMCPReadOnlyAccess", - "AmazonEKSNetworkingPolicy": "arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy", - "AmazonEKSServicePolicy": "arn:aws:iam::aws:policy/AmazonEKSServicePolicy", - "AmazonEKSServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy", - "AmazonEKSVPCResourceController": "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController", - "AmazonEKSWorkerNodeMinimalPolicy": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy", - "AmazonEKSWorkerNodePolicy": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", - "AmazonEKS_CNI_Policy": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", - "AmazonEMRCleanupPolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRCleanupPolicy", - "AmazonEMRContainersServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRContainersServiceRolePolicy", - "AmazonEMRFullAccessPolicy_v2": "arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2", - "AmazonEMRReadOnlyAccessPolicy_v2": "arn:aws:iam::aws:policy/AmazonEMRReadOnlyAccessPolicy_v2", - "AmazonEMRServerlessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRServerlessServiceRolePolicy", - "AmazonEMRServicePolicy_v2": "arn:aws:iam::aws:policy/service-role/AmazonEMRServicePolicy_v2", - "AmazonESCognitoAccess": "arn:aws:iam::aws:policy/AmazonESCognitoAccess", - "AmazonESFullAccess": "arn:aws:iam::aws:policy/AmazonESFullAccess", - "AmazonESReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess", - "AmazonEVSServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEVSServiceRolePolicy", - "AmazonElastiCacheFullAccess": "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess", - "AmazonElastiCacheReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess", - "AmazonElasticContainerRegistryPublicFullAccess": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess", - "AmazonElasticContainerRegistryPublicPowerUser": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicPowerUser", - "AmazonElasticContainerRegistryPublicReadOnly": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly", - "AmazonElasticFileSystemClientFullAccess": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess", - "AmazonElasticFileSystemClientReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadOnlyAccess", - "AmazonElasticFileSystemClientReadWriteAccess": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadWriteAccess", - "AmazonElasticFileSystemFullAccess": "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess", - "AmazonElasticFileSystemReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess", - "AmazonElasticFileSystemServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy", - "AmazonElasticFileSystemsUtils": "arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils", - "AmazonElasticMapReduceEditorsRole": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceEditorsRole", - "AmazonElasticMapReduceFullAccess": "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess", - "AmazonElasticMapReducePlacementGroupPolicy": "arn:aws:iam::aws:policy/AmazonElasticMapReducePlacementGroupPolicy", - "AmazonElasticMapReduceReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess", - "AmazonElasticMapReduceRole": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole", - "AmazonElasticMapReduceforAutoScalingRole": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole", - "AmazonElasticMapReduceforEC2Role": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role", - "AmazonElasticTranscoderRole": "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole", - "AmazonElasticTranscoder_FullAccess": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_FullAccess", - "AmazonElasticTranscoder_JobsSubmitter": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_JobsSubmitter", - "AmazonElasticTranscoder_ReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_ReadOnlyAccess", - "AmazonElasticsearchServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy", - "AmazonEventBridgeApiDestinationsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy", - "AmazonEventBridgeFullAccess": "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess", - "AmazonEventBridgePipesFullAccess": "arn:aws:iam::aws:policy/AmazonEventBridgePipesFullAccess", - "AmazonEventBridgePipesOperatorAccess": "arn:aws:iam::aws:policy/AmazonEventBridgePipesOperatorAccess", - "AmazonEventBridgePipesReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonEventBridgePipesReadOnlyAccess", - "AmazonEventBridgeReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonEventBridgeReadOnlyAccess", - "AmazonEventBridgeSchedulerFullAccess": "arn:aws:iam::aws:policy/AmazonEventBridgeSchedulerFullAccess", - "AmazonEventBridgeSchedulerReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonEventBridgeSchedulerReadOnlyAccess", - "AmazonEventBridgeSchemasFullAccess": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasFullAccess", - "AmazonEventBridgeSchemasReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasReadOnlyAccess", - "AmazonEventBridgeSchemasServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeSchemasServiceRolePolicy", - "AmazonFISServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonFISServiceRolePolicy", - "AmazonFSxConsoleFullAccess": "arn:aws:iam::aws:policy/AmazonFSxConsoleFullAccess", - "AmazonFSxConsoleReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonFSxConsoleReadOnlyAccess", - "AmazonFSxFullAccess": "arn:aws:iam::aws:policy/AmazonFSxFullAccess", - "AmazonFSxReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonFSxReadOnlyAccess", - "AmazonFSxServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonFSxServiceRolePolicy", - "AmazonForecastFullAccess": "arn:aws:iam::aws:policy/AmazonForecastFullAccess", - "AmazonFraudDetectorFullAccessPolicy": "arn:aws:iam::aws:policy/AmazonFraudDetectorFullAccessPolicy", - "AmazonFreeRTOSFullAccess": "arn:aws:iam::aws:policy/AmazonFreeRTOSFullAccess", - "AmazonFreeRTOSOTAUpdate": "arn:aws:iam::aws:policy/service-role/AmazonFreeRTOSOTAUpdate", - "AmazonGlacierFullAccess": "arn:aws:iam::aws:policy/AmazonGlacierFullAccess", - "AmazonGlacierReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess", - "AmazonGrafanaAthenaAccess": "arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess", - "AmazonGrafanaCloudWatchAccess": "arn:aws:iam::aws:policy/service-role/AmazonGrafanaCloudWatchAccess", - "AmazonGrafanaRedshiftAccess": "arn:aws:iam::aws:policy/service-role/AmazonGrafanaRedshiftAccess", - "AmazonGrafanaServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonGrafanaServiceLinkedRolePolicy", - "AmazonGuardDutyFullAccess_v2": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess_v2", - "AmazonGuardDutyMalwareProtectionServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy", - "AmazonGuardDutyReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonGuardDutyReadOnlyAccess", - "AmazonGuardDutyServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy", - "AmazonHealthLakeFullAccess": "arn:aws:iam::aws:policy/AmazonHealthLakeFullAccess", - "AmazonHealthLakeReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonHealthLakeReadOnlyAccess", - "AmazonHoneycodeFullAccess": "arn:aws:iam::aws:policy/AmazonHoneycodeFullAccess", - "AmazonHoneycodeReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonHoneycodeReadOnlyAccess", - "AmazonHoneycodeServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonHoneycodeServiceRolePolicy", - "AmazonHoneycodeTeamAssociationFullAccess": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationFullAccess", - "AmazonHoneycodeTeamAssociationReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationReadOnlyAccess", - "AmazonHoneycodeWorkbookFullAccess": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookFullAccess", - "AmazonHoneycodeWorkbookReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookReadOnlyAccess", - "AmazonInspector2AgentlessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonInspector2AgentlessServiceRolePolicy", - "AmazonInspector2FullAccess": "arn:aws:iam::aws:policy/AmazonInspector2FullAccess", - "AmazonInspector2FullAccess_v2": "arn:aws:iam::aws:policy/AmazonInspector2FullAccess_v2", - "AmazonInspector2ManagedCisPolicy": "arn:aws:iam::aws:policy/AmazonInspector2ManagedCisPolicy", - "AmazonInspector2ManagedTelemetryPolicy": "arn:aws:iam::aws:policy/AmazonInspector2ManagedTelemetryPolicy", - "AmazonInspector2ReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonInspector2ReadOnlyAccess", - "AmazonInspector2ServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonInspector2ServiceRolePolicy", - "AmazonInspectorFullAccess": "arn:aws:iam::aws:policy/AmazonInspectorFullAccess", - "AmazonInspectorReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess", - "AmazonInspectorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonInspectorServiceRolePolicy", - "AmazonKendraFullAccess": "arn:aws:iam::aws:policy/AmazonKendraFullAccess", - "AmazonKendraReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonKendraReadOnlyAccess", - "AmazonKeyspacesFullAccess": "arn:aws:iam::aws:policy/AmazonKeyspacesFullAccess", - "AmazonKeyspacesReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess", - "AmazonKeyspacesReadOnlyAccess_v2": "arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess_v2", - "AmazonKinesisAnalyticsFullAccess": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess", - "AmazonKinesisAnalyticsReadOnly": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly", - "AmazonKinesisFirehoseFullAccess": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess", - "AmazonKinesisFirehoseReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess", - "AmazonKinesisFullAccess": "arn:aws:iam::aws:policy/AmazonKinesisFullAccess", - "AmazonKinesisReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess", - "AmazonKinesisVideoStreamsFullAccess": "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsFullAccess", - "AmazonKinesisVideoStreamsReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsReadOnlyAccess", - "AmazonLaunchWizardFullAccessV2": "arn:aws:iam::aws:policy/AmazonLaunchWizardFullAccessV2", - "AmazonLexChannelsAccess": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexChannelsAccess", - "AmazonLexFullAccess": "arn:aws:iam::aws:policy/AmazonLexFullAccess", - "AmazonLexReadOnly": "arn:aws:iam::aws:policy/AmazonLexReadOnly", - "AmazonLexReplicationPolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexReplicationPolicy", - "AmazonLexRunBotsOnly": "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly", - "AmazonLexV2BotPolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexV2BotPolicy", - "AmazonLookoutEquipmentFullAccess": "arn:aws:iam::aws:policy/AmazonLookoutEquipmentFullAccess", - "AmazonLookoutEquipmentReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonLookoutEquipmentReadOnlyAccess", - "AmazonLookoutMetricsFullAccess": "arn:aws:iam::aws:policy/AmazonLookoutMetricsFullAccess", - "AmazonLookoutMetricsReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonLookoutMetricsReadOnlyAccess", - "AmazonLookoutVisionConsoleFullAccess": "arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleFullAccess", - "AmazonLookoutVisionConsoleReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleReadOnlyAccess", - "AmazonLookoutVisionFullAccess": "arn:aws:iam::aws:policy/AmazonLookoutVisionFullAccess", - "AmazonLookoutVisionReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonLookoutVisionReadOnlyAccess", - "AmazonMCSFullAccess": "arn:aws:iam::aws:policy/AmazonMCSFullAccess", - "AmazonMCSReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonMCSReadOnlyAccess", - "AmazonMQApiFullAccess": "arn:aws:iam::aws:policy/AmazonMQApiFullAccess", - "AmazonMQApiReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonMQApiReadOnlyAccess", - "AmazonMQFullAccess": "arn:aws:iam::aws:policy/AmazonMQFullAccess", - "AmazonMQReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonMQReadOnlyAccess", - "AmazonMQServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonMQServiceRolePolicy", - "AmazonMSKConnectReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonMSKConnectReadOnlyAccess", - "AmazonMSKFullAccess": "arn:aws:iam::aws:policy/AmazonMSKFullAccess", - "AmazonMSKReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonMSKReadOnlyAccess", - "AmazonMWAAServerlessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonMWAAServerlessServiceRolePolicy", - "AmazonMWAAServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonMWAAServiceRolePolicy", - "AmazonMachineLearningBatchPredictionsAccess": "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess", - "AmazonMachineLearningCreateOnlyAccess": "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess", - "AmazonMachineLearningFullAccess": "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess", - "AmazonMachineLearningManageRealTimeEndpointOnlyAccess": "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess", - "AmazonMachineLearningReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess", - "AmazonMachineLearningRealTimePredictionOnlyAccess": "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess", - "AmazonMachineLearningRoleforRedshiftDataSourceV3": "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSourceV3", - "AmazonMacieFullAccess": "arn:aws:iam::aws:policy/AmazonMacieFullAccess", - "AmazonMacieHandshakeRole": "arn:aws:iam::aws:policy/service-role/AmazonMacieHandshakeRole", - "AmazonMacieReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonMacieReadOnlyAccess", - "AmazonMacieServiceRole": "arn:aws:iam::aws:policy/service-role/AmazonMacieServiceRole", - "AmazonMacieServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonMacieServiceRolePolicy", - "AmazonManagedBlockchainConsoleFullAccess": "arn:aws:iam::aws:policy/AmazonManagedBlockchainConsoleFullAccess", - "AmazonManagedBlockchainFullAccess": "arn:aws:iam::aws:policy/AmazonManagedBlockchainFullAccess", - "AmazonManagedBlockchainReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonManagedBlockchainReadOnlyAccess", - "AmazonManagedBlockchainServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonManagedBlockchainServiceRolePolicy", - "AmazonMechanicalTurkFullAccess": "arn:aws:iam::aws:policy/AmazonMechanicalTurkFullAccess", - "AmazonMechanicalTurkReadOnly": "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly", - "AmazonMemoryDBFullAccess": "arn:aws:iam::aws:policy/AmazonMemoryDBFullAccess", - "AmazonMemoryDBReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonMemoryDBReadOnlyAccess", - "AmazonMobileAnalyticsFinancialReportAccess": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess", - "AmazonMobileAnalyticsFullAccess": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess", - "AmazonMobileAnalyticsNon-financialReportAccess": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess", - "AmazonMobileAnalyticsWriteOnlyAccess": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess", - "AmazonMonitronFullAccess": "arn:aws:iam::aws:policy/AmazonMonitronFullAccess", - "AmazonNimbleStudio-LaunchProfileWorker": "arn:aws:iam::aws:policy/AmazonNimbleStudio-LaunchProfileWorker", - "AmazonNimbleStudio-StudioAdmin": "arn:aws:iam::aws:policy/AmazonNimbleStudio-StudioAdmin", - "AmazonNimbleStudio-StudioUser": "arn:aws:iam::aws:policy/AmazonNimbleStudio-StudioUser", - "AmazonODBServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonODBServiceRolePolicy", - "AmazonOmicsFullAccess": "arn:aws:iam::aws:policy/AmazonOmicsFullAccess", - "AmazonOmicsReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonOmicsReadOnlyAccess", - "AmazonOneEnterpriseFullAccess": "arn:aws:iam::aws:policy/AmazonOneEnterpriseFullAccess", - "AmazonOneEnterpriseInstallerAccess": "arn:aws:iam::aws:policy/AmazonOneEnterpriseInstallerAccess", - "AmazonOneEnterpriseReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonOneEnterpriseReadOnlyAccess", - "AmazonOpenSearchDashboardsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchDashboardsServiceRolePolicy", - "AmazonOpenSearchDirectQueryGlueCreateAccess": "arn:aws:iam::aws:policy/AmazonOpenSearchDirectQueryGlueCreateAccess", - "AmazonOpenSearchIngestionFullAccess": "arn:aws:iam::aws:policy/AmazonOpenSearchIngestionFullAccess", - "AmazonOpenSearchIngestionReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonOpenSearchIngestionReadOnlyAccess", - "AmazonOpenSearchIngestionServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchIngestionServiceRolePolicy", - "AmazonOpenSearchServerlessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServerlessServiceRolePolicy", - "AmazonOpenSearchServiceCognitoAccess": "arn:aws:iam::aws:policy/AmazonOpenSearchServiceCognitoAccess", - "AmazonOpenSearchServiceFullAccess": "arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess", - "AmazonOpenSearchServiceReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonOpenSearchServiceReadOnlyAccess", - "AmazonOpenSearchServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServiceRolePolicy", - "AmazonPersonalizeFullAccess": "arn:aws:iam::aws:policy/service-role/AmazonPersonalizeFullAccess", - "AmazonPollyFullAccess": "arn:aws:iam::aws:policy/AmazonPollyFullAccess", - "AmazonPollyReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonPollyReadOnlyAccess", - "AmazonPrometheusConsoleFullAccess": "arn:aws:iam::aws:policy/AmazonPrometheusConsoleFullAccess", - "AmazonPrometheusFullAccess": "arn:aws:iam::aws:policy/AmazonPrometheusFullAccess", - "AmazonPrometheusQueryAccess": "arn:aws:iam::aws:policy/AmazonPrometheusQueryAccess", - "AmazonPrometheusRemoteWriteAccess": "arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess", - "AmazonPrometheusScraperServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonPrometheusScraperServiceRolePolicy", - "AmazonQDeveloperAccess": "arn:aws:iam::aws:policy/AmazonQDeveloperAccess", - "AmazonQFullAccess": "arn:aws:iam::aws:policy/AmazonQFullAccess", - "AmazonQLDBConsoleFullAccess": "arn:aws:iam::aws:policy/AmazonQLDBConsoleFullAccess", - "AmazonQLDBFullAccess": "arn:aws:iam::aws:policy/AmazonQLDBFullAccess", - "AmazonQLDBReadOnly": "arn:aws:iam::aws:policy/AmazonQLDBReadOnly", - "AmazonRDSBetaServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSBetaServiceRolePolicy", - "AmazonRDSCustomInstanceProfileRolePolicy": "arn:aws:iam::aws:policy/AmazonRDSCustomInstanceProfileRolePolicy", - "AmazonRDSCustomPreviewServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSCustomPreviewServiceRolePolicy", - "AmazonRDSCustomServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSCustomServiceRolePolicy", - "AmazonRDSDataFullAccess": "arn:aws:iam::aws:policy/AmazonRDSDataFullAccess", - "AmazonRDSDirectoryServiceAccess": "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess", - "AmazonRDSEnhancedMonitoringRole": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole", - "AmazonRDSFullAccess": "arn:aws:iam::aws:policy/AmazonRDSFullAccess", - "AmazonRDSPerformanceInsightsFullAccess": "arn:aws:iam::aws:policy/AmazonRDSPerformanceInsightsFullAccess", - "AmazonRDSPerformanceInsightsReadOnly": "arn:aws:iam::aws:policy/AmazonRDSPerformanceInsightsReadOnly", - "AmazonRDSPreviewServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSPreviewServiceRolePolicy", - "AmazonRDSReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess", - "AmazonRDSServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy", - "AmazonRedshiftAllCommandsFullAccess": "arn:aws:iam::aws:policy/AmazonRedshiftAllCommandsFullAccess", - "AmazonRedshiftDataFullAccess": "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess", - "AmazonRedshiftFederatedAuthorization": "arn:aws:iam::aws:policy/AmazonRedshiftFederatedAuthorization", - "AmazonRedshiftFullAccess": "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess", - "AmazonRedshiftQueryEditor": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditor", - "AmazonRedshiftQueryEditorV2FullAccess": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2FullAccess", - "AmazonRedshiftQueryEditorV2NoSharing": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2NoSharing", - "AmazonRedshiftQueryEditorV2ReadSharing": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2ReadSharing", - "AmazonRedshiftQueryEditorV2ReadWriteSharing": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2ReadWriteSharing", - "AmazonRedshiftReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess", - "AmazonRedshiftServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonRedshiftServiceLinkedRolePolicy", - "AmazonRekognitionCustomLabelsFullAccess": "arn:aws:iam::aws:policy/AmazonRekognitionCustomLabelsFullAccess", - "AmazonRekognitionFullAccess": "arn:aws:iam::aws:policy/AmazonRekognitionFullAccess", - "AmazonRekognitionReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess", - "AmazonRekognitionServiceRole": "arn:aws:iam::aws:policy/service-role/AmazonRekognitionServiceRole", - "AmazonRoute53AutoNamingFullAccess": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingFullAccess", - "AmazonRoute53AutoNamingReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingReadOnlyAccess", - "AmazonRoute53AutoNamingRegistrantAccess": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingRegistrantAccess", - "AmazonRoute53DomainsFullAccess": "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess", - "AmazonRoute53DomainsReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess", - "AmazonRoute53FullAccess": "arn:aws:iam::aws:policy/AmazonRoute53FullAccess", - "AmazonRoute53GlobalResolverFullAccess": "arn:aws:iam::aws:policy/AmazonRoute53GlobalResolverFullAccess", - "AmazonRoute53GlobalResolverReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRoute53GlobalResolverReadOnlyAccess", - "AmazonRoute53ProfilesFullAccess": "arn:aws:iam::aws:policy/AmazonRoute53ProfilesFullAccess", - "AmazonRoute53ProfilesReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRoute53ProfilesReadOnlyAccess", - "AmazonRoute53ReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess", - "AmazonRoute53RecoveryClusterFullAccess": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryClusterFullAccess", - "AmazonRoute53RecoveryClusterReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryClusterReadOnlyAccess", - "AmazonRoute53RecoveryControlConfigFullAccess": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryControlConfigFullAccess", - "AmazonRoute53RecoveryControlConfigReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryControlConfigReadOnlyAccess", - "AmazonRoute53RecoveryReadinessFullAccess": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryReadinessFullAccess", - "AmazonRoute53RecoveryReadinessReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryReadinessReadOnlyAccess", - "AmazonRoute53ResolverFullAccess": "arn:aws:iam::aws:policy/AmazonRoute53ResolverFullAccess", - "AmazonRoute53ResolverReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonRoute53ResolverReadOnlyAccess", - "AmazonS3ExpressFullAccess": "arn:aws:iam::aws:policy/AmazonS3ExpressFullAccess", - "AmazonS3ExpressReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonS3ExpressReadOnlyAccess", - "AmazonS3FilesCSIDriverPolicy": "arn:aws:iam::aws:policy/service-role/AmazonS3FilesCSIDriverPolicy", - "AmazonS3FilesClientFullAccess": "arn:aws:iam::aws:policy/AmazonS3FilesClientFullAccess", - "AmazonS3FilesClientReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonS3FilesClientReadOnlyAccess", - "AmazonS3FilesClientReadWriteAccess": "arn:aws:iam::aws:policy/AmazonS3FilesClientReadWriteAccess", - "AmazonS3FilesFullAccess": "arn:aws:iam::aws:policy/AmazonS3FilesFullAccess", - "AmazonS3FilesReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonS3FilesReadOnlyAccess", - "AmazonS3FullAccess": "arn:aws:iam::aws:policy/AmazonS3FullAccess", - "AmazonS3ObjectLambdaExecutionRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonS3ObjectLambdaExecutionRolePolicy", - "AmazonS3OutpostsFullAccess": "arn:aws:iam::aws:policy/AmazonS3OutpostsFullAccess", - "AmazonS3OutpostsReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonS3OutpostsReadOnlyAccess", - "AmazonS3ReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess", - "AmazonS3TablesFullAccess": "arn:aws:iam::aws:policy/AmazonS3TablesFullAccess", - "AmazonS3TablesLakeFormationServiceRole": "arn:aws:iam::aws:policy/service-role/AmazonS3TablesLakeFormationServiceRole", - "AmazonS3TablesReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonS3TablesReadOnlyAccess", - "AmazonSESFullAccess": "arn:aws:iam::aws:policy/AmazonSESFullAccess", - "AmazonSESReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess", - "AmazonSESServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonSESServiceRolePolicy", - "AmazonSNSFullAccess": "arn:aws:iam::aws:policy/AmazonSNSFullAccess", - "AmazonSNSReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess", - "AmazonSNSRole": "arn:aws:iam::aws:policy/service-role/AmazonSNSRole", - "AmazonSQSFullAccess": "arn:aws:iam::aws:policy/AmazonSQSFullAccess", - "AmazonSQSReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess", - "AmazonSSMAutomationApproverAccess": "arn:aws:iam::aws:policy/AmazonSSMAutomationApproverAccess", - "AmazonSSMAutomationRole": "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole", - "AmazonSSMDirectoryServiceAccess": "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess", - "AmazonSSMFullAccess": "arn:aws:iam::aws:policy/AmazonSSMFullAccess", - "AmazonSSMMaintenanceWindowRole": "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole", - "AmazonSSMManagedEC2InstanceDefaultPolicy": "arn:aws:iam::aws:policy/AmazonSSMManagedEC2InstanceDefaultPolicy", - "AmazonSSMManagedInstanceCore": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", - "AmazonSSMPatchAssociation": "arn:aws:iam::aws:policy/AmazonSSMPatchAssociation", - "AmazonSSMReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess", - "AmazonSSMServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy", - "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy": "arn:aws:iam::aws:policy/AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy", - "AmazonSageMakerCanvasAIServicesAccess": "arn:aws:iam::aws:policy/AmazonSageMakerCanvasAIServicesAccess", - "AmazonSageMakerCanvasBedrockAccess": "arn:aws:iam::aws:policy/AmazonSageMakerCanvasBedrockAccess", - "AmazonSageMakerCanvasDataPrepFullAccess": "arn:aws:iam::aws:policy/AmazonSageMakerCanvasDataPrepFullAccess", - "AmazonSageMakerCanvasDirectDeployAccess": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerCanvasDirectDeployAccess", - "AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy": "arn:aws:iam::aws:policy/AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy", - "AmazonSageMakerCanvasForecastAccess": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerCanvasForecastAccess", - "AmazonSageMakerCanvasFullAccess": "arn:aws:iam::aws:policy/AmazonSageMakerCanvasFullAccess", - "AmazonSageMakerCanvasSMDataScienceAssistantAccess": "arn:aws:iam::aws:policy/AmazonSageMakerCanvasSMDataScienceAssistantAccess", - "AmazonSageMakerCapacityReservationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerCapacityReservationServiceRolePolicy", - "AmazonSageMakerClusterInstanceRolePolicy": "arn:aws:iam::aws:policy/AmazonSageMakerClusterInstanceRolePolicy", - "AmazonSageMakerCoreServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerCoreServiceRolePolicy", - "AmazonSageMakerEdgeDeviceFleetPolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerEdgeDeviceFleetPolicy", - "AmazonSageMakerFeatureStoreAccess": "arn:aws:iam::aws:policy/AmazonSageMakerFeatureStoreAccess", - "AmazonSageMakerFullAccess": "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess", - "AmazonSageMakerGeospatialExecutionRole": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerGeospatialExecutionRole", - "AmazonSageMakerGeospatialFullAccess": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerGeospatialFullAccess", - "AmazonSageMakerGroundTruthExecution": "arn:aws:iam::aws:policy/AmazonSageMakerGroundTruthExecution", - "AmazonSageMakerHyperPodGatedModelAccess": "arn:aws:iam::aws:policy/AmazonSageMakerHyperPodGatedModelAccess", - "AmazonSageMakerHyperPodInferenceAccess": "arn:aws:iam::aws:policy/AmazonSageMakerHyperPodInferenceAccess", - "AmazonSageMakerHyperPodObservabilityAdminAccess": "arn:aws:iam::aws:policy/AmazonSageMakerHyperPodObservabilityAdminAccess", - "AmazonSageMakerHyperPodServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerHyperPodServiceRolePolicy", - "AmazonSageMakerHyperPodTrainingOperatorAccess": "arn:aws:iam::aws:policy/AmazonSageMakerHyperPodTrainingOperatorAccess", - "AmazonSageMakerMechanicalTurkAccess": "arn:aws:iam::aws:policy/AmazonSageMakerMechanicalTurkAccess", - "AmazonSageMakerModelGovernanceUseAccess": "arn:aws:iam::aws:policy/AmazonSageMakerModelGovernanceUseAccess", - "AmazonSageMakerModelRegistryFullAccess": "arn:aws:iam::aws:policy/AmazonSageMakerModelRegistryFullAccess", - "AmazonSageMakerNotebooksServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerNotebooksServiceRolePolicy", - "AmazonSageMakerPartnerAppsFullAccess": "arn:aws:iam::aws:policy/AmazonSageMakerPartnerAppsFullAccess", - "AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy", - "AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy", - "AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy", - "AmazonSageMakerPipelinesIntegrations": "arn:aws:iam::aws:policy/AmazonSageMakerPipelinesIntegrations", - "AmazonSageMakerQuickSightVPCPolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerQuickSightVPCPolicy", - "AmazonSageMakerReadOnly": "arn:aws:iam::aws:policy/AmazonSageMakerReadOnly", - "AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy", - "AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy", - "AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy": "arn:aws:iam::aws:policy/AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy", - "AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy", - "AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy", - "AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy", - "AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy", - "AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy", - "AmazonSageMakerSpacesControllerPolicy": "arn:aws:iam::aws:policy/AmazonSageMakerSpacesControllerPolicy", - "AmazonSageMakerSpacesRouterPolicy": "arn:aws:iam::aws:policy/AmazonSageMakerSpacesRouterPolicy", - "AmazonSageMakerTrainingPlanCreateAccess": "arn:aws:iam::aws:policy/AmazonSageMakerTrainingPlanCreateAccess", - "AmazonSecurityLakeAdministrator": "arn:aws:iam::aws:policy/AmazonSecurityLakeAdministrator", - "AmazonSecurityLakeMetastoreManager": "arn:aws:iam::aws:policy/service-role/AmazonSecurityLakeMetastoreManager", - "AmazonSecurityLakePermissionsBoundary": "arn:aws:iam::aws:policy/AmazonSecurityLakePermissionsBoundary", - "AmazonTextractFullAccess": "arn:aws:iam::aws:policy/AmazonTextractFullAccess", - "AmazonTextractServiceRole": "arn:aws:iam::aws:policy/service-role/AmazonTextractServiceRole", - "AmazonTimestreamConsoleFullAccess": "arn:aws:iam::aws:policy/AmazonTimestreamConsoleFullAccess", - "AmazonTimestreamFullAccess": "arn:aws:iam::aws:policy/AmazonTimestreamFullAccess", - "AmazonTimestreamInfluxDBFullAccess": "arn:aws:iam::aws:policy/AmazonTimestreamInfluxDBFullAccess", - "AmazonTimestreamInfluxDBFullAccessWithoutMarketplaceAccess": "arn:aws:iam::aws:policy/AmazonTimestreamInfluxDBFullAccessWithoutMarketplaceAccess", - "AmazonTimestreamInfluxDBServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonTimestreamInfluxDBServiceRolePolicy", - "AmazonTimestreamReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonTimestreamReadOnlyAccess", - "AmazonTranscribeFullAccess": "arn:aws:iam::aws:policy/AmazonTranscribeFullAccess", - "AmazonTranscribeReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonTranscribeReadOnlyAccess", - "AmazonVPCCrossAccountNetworkInterfaceOperations": "arn:aws:iam::aws:policy/AmazonVPCCrossAccountNetworkInterfaceOperations", - "AmazonVPCFullAccess": "arn:aws:iam::aws:policy/AmazonVPCFullAccess", - "AmazonVPCNetworkAccessAnalyzerFullAccessPolicy": "arn:aws:iam::aws:policy/AmazonVPCNetworkAccessAnalyzerFullAccessPolicy", - "AmazonVPCReachabilityAnalyzerFullAccessPolicy": "arn:aws:iam::aws:policy/AmazonVPCReachabilityAnalyzerFullAccessPolicy", - "AmazonVPCReachabilityAnalyzerPathComponentReadPolicy": "arn:aws:iam::aws:policy/AmazonVPCReachabilityAnalyzerPathComponentReadPolicy", - "AmazonVPCReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess", - "AmazonVerifiedPermissionsFullAccess": "arn:aws:iam::aws:policy/AmazonVerifiedPermissionsFullAccess", - "AmazonVerifiedPermissionsReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonVerifiedPermissionsReadOnlyAccess", - "AmazonWorkDocsFullAccess": "arn:aws:iam::aws:policy/AmazonWorkDocsFullAccess", - "AmazonWorkDocsReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonWorkDocsReadOnlyAccess", - "AmazonWorkMailEventsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkMailEventsServiceRolePolicy", - "AmazonWorkMailFullAccess": "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess", - "AmazonWorkMailMessageFlowFullAccess": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowFullAccess", - "AmazonWorkMailMessageFlowReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowReadOnlyAccess", - "AmazonWorkMailReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess", - "AmazonWorkSpacesAdmin": "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin", - "AmazonWorkSpacesApplicationManagerAdminAccess": "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess", - "AmazonWorkSpacesPoolServiceAccess": "arn:aws:iam::aws:policy/AmazonWorkSpacesPoolServiceAccess", - "AmazonWorkSpacesSecureBrowserReadOnly": "arn:aws:iam::aws:policy/AmazonWorkSpacesSecureBrowserReadOnly", - "AmazonWorkSpacesSelfServiceAccess": "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess", - "AmazonWorkSpacesServiceAccess": "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess", - "AmazonWorkSpacesThinClientFullAccess": "arn:aws:iam::aws:policy/AmazonWorkSpacesThinClientFullAccess", - "AmazonWorkSpacesThinClientMonitoringServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkSpacesThinClientMonitoringServiceRolePolicy", - "AmazonWorkSpacesThinClientReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonWorkSpacesThinClientReadOnlyAccess", - "AmazonWorkSpacesWebReadOnly": "arn:aws:iam::aws:policy/AmazonWorkSpacesWebReadOnly", - "AmazonWorkSpacesWebServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkSpacesWebServiceRolePolicy", - "AmazonWorkspacesPCAAccess": "arn:aws:iam::aws:policy/AmazonWorkspacesPCAAccess", - "AmazonZocaloFullAccess": "arn:aws:iam::aws:policy/AmazonZocaloFullAccess", - "AmazonZocaloReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess", - "AmplifyBackendDeployFullAccess": "arn:aws:iam::aws:policy/service-role/AmplifyBackendDeployFullAccess", - "AnthropicFullAccess": "arn:aws:iam::aws:policy/AnthropicFullAccess", - "AnthropicLimitedAccess": "arn:aws:iam::aws:policy/AnthropicLimitedAccess", - "AnthropicReadOnlyAccess": "arn:aws:iam::aws:policy/AnthropicReadOnlyAccess", - "AppIntegrationsServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AppIntegrationsServiceLinkedRolePolicy", - "AppRunnerNetworkingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AppRunnerNetworkingServiceRolePolicy", - "AppRunnerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AppRunnerServiceRolePolicy", - "AppStudioServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AppStudioServiceRolePolicy", - "ApplicationAutoScalingForAmazonAppStreamAccess": "arn:aws:iam::aws:policy/service-role/ApplicationAutoScalingForAmazonAppStreamAccess", - "ApplicationDiscoveryServiceContinuousExportServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ApplicationDiscoveryServiceContinuousExportServiceRolePolicy", - "AuroraDsqlServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AuroraDsqlServiceLinkedRolePolicy", - "AutoScalingConsoleFullAccess": "arn:aws:iam::aws:policy/AutoScalingConsoleFullAccess", - "AutoScalingConsoleReadOnlyAccess": "arn:aws:iam::aws:policy/AutoScalingConsoleReadOnlyAccess", - "AutoScalingFullAccess": "arn:aws:iam::aws:policy/AutoScalingFullAccess", - "AutoScalingNotificationAccessRole": "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole", - "AutoScalingReadOnlyAccess": "arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess", - "AutoScalingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy", - "AwsGlueDataBrewFullAccessPolicy": "arn:aws:iam::aws:policy/AwsGlueDataBrewFullAccessPolicy", - "AwsGlueSessionUserRestrictedNotebookPolicy": "arn:aws:iam::aws:policy/AwsGlueSessionUserRestrictedNotebookPolicy", - "AwsGlueSessionUserRestrictedNotebookServiceRole": "arn:aws:iam::aws:policy/service-role/AwsGlueSessionUserRestrictedNotebookServiceRole", - "AwsGlueSessionUserRestrictedPolicy": "arn:aws:iam::aws:policy/AwsGlueSessionUserRestrictedPolicy", - "AwsGlueSessionUserRestrictedServiceRole": "arn:aws:iam::aws:policy/service-role/AwsGlueSessionUserRestrictedServiceRole", - "BatchServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/BatchServiceRolePolicy", - "BedrockAgentCoreFullAccess": "arn:aws:iam::aws:policy/BedrockAgentCoreFullAccess", - "BedrockAgentCoreNetworkServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/BedrockAgentCoreNetworkServiceRolePolicy", - "BedrockAgentCoreRuntimeIdentityServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/BedrockAgentCoreRuntimeIdentityServiceRolePolicy", - "Billing": "arn:aws:iam::aws:policy/job-function/Billing", - "BudgetsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/BudgetsServiceRolePolicy", - "CertificateManagerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CertificateManagerServiceRolePolicy", - "ClientVPNServiceConnectionsRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceConnectionsRolePolicy", - "ClientVPNServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceRolePolicy", - "CloudFormationStackSetsOrgAdminServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgAdminServiceRolePolicy", - "CloudFormationStackSetsOrgMemberServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy", - "CloudFrontFullAccess": "arn:aws:iam::aws:policy/CloudFrontFullAccess", - "CloudFrontReadOnlyAccess": "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess", - "CloudHSMServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudHSMServiceRolePolicy", - "CloudSearchFullAccess": "arn:aws:iam::aws:policy/CloudSearchFullAccess", - "CloudSearchReadOnlyAccess": "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess", - "CloudTrailEventContext": "arn:aws:iam::aws:policy/aws-service-role/CloudTrailEventContext", - "CloudTrailServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy", - "CloudWatch-CrossAccountAccess": "arn:aws:iam::aws:policy/aws-service-role/CloudWatch-CrossAccountAccess", - "CloudWatchAPIKeyAccess": "arn:aws:iam::aws:policy/CloudWatchAPIKeyAccess", - "CloudWatchActionsEC2Access": "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access", - "CloudWatchAgentAdminPolicy": "arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy", - "CloudWatchAgentServerPolicy": "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy", - "CloudWatchApplicationInsightsFullAccess": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsFullAccess", - "CloudWatchApplicationInsightsReadOnlyAccess": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess", - "CloudWatchApplicationSignalsFullAccess": "arn:aws:iam::aws:policy/CloudWatchApplicationSignalsFullAccess", - "CloudWatchApplicationSignalsReadOnlyAccess": "arn:aws:iam::aws:policy/CloudWatchApplicationSignalsReadOnlyAccess", - "CloudWatchApplicationSignalsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchApplicationSignalsServiceRolePolicy", - "CloudWatchAutomaticDashboardsAccess": "arn:aws:iam::aws:policy/CloudWatchAutomaticDashboardsAccess", - "CloudWatchCrossAccountSharingConfiguration": "arn:aws:iam::aws:policy/CloudWatchCrossAccountSharingConfiguration", - "CloudWatchEventsBuiltInTargetExecutionAccess": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess", - "CloudWatchEventsFullAccess": "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess", - "CloudWatchEventsInvocationAccess": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess", - "CloudWatchEventsReadOnlyAccess": "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess", - "CloudWatchEventsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy", - "CloudWatchFullAccess": "arn:aws:iam::aws:policy/CloudWatchFullAccess", - "CloudWatchFullAccessV2": "arn:aws:iam::aws:policy/CloudWatchFullAccessV2", - "CloudWatchInternetMonitorFullAccess": "arn:aws:iam::aws:policy/CloudWatchInternetMonitorFullAccess", - "CloudWatchInternetMonitorReadOnlyAccess": "arn:aws:iam::aws:policy/CloudWatchInternetMonitorReadOnlyAccess", - "CloudWatchInternetMonitorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy", - "CloudWatchLambdaApplicationSignalsExecutionRolePolicy": "arn:aws:iam::aws:policy/CloudWatchLambdaApplicationSignalsExecutionRolePolicy", - "CloudWatchLambdaInsightsExecutionRolePolicy": "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", - "CloudWatchLogsAPIKeyAccess": "arn:aws:iam::aws:policy/CloudWatchLogsAPIKeyAccess", - "CloudWatchLogsCrossAccountSharingConfiguration": "arn:aws:iam::aws:policy/CloudWatchLogsCrossAccountSharingConfiguration", - "CloudWatchLogsFullAccess": "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess", - "CloudWatchLogsReadOnlyAccess": "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess", - "CloudWatchNetworkFlowMonitorAgentPublishPolicy": "arn:aws:iam::aws:policy/CloudWatchNetworkFlowMonitorAgentPublishPolicy", - "CloudWatchNetworkFlowMonitorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchNetworkFlowMonitorServiceRolePolicy", - "CloudWatchNetworkFlowMonitorTopologyServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchNetworkFlowMonitorTopologyServiceRolePolicy", - "CloudWatchNetworkMonitorServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchNetworkMonitorServiceRolePolicy", - "CloudWatchOpenSearchDashboardAccess": "arn:aws:iam::aws:policy/CloudWatchOpenSearchDashboardAccess", - "CloudWatchOpenSearchDashboardsFullAccess": "arn:aws:iam::aws:policy/CloudWatchOpenSearchDashboardsFullAccess", - "CloudWatchReadOnlyAccess": "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess", - "CloudWatchSyntheticsFullAccess": "arn:aws:iam::aws:policy/CloudWatchSyntheticsFullAccess", - "CloudWatchSyntheticsReadOnlyAccess": "arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess", - "CloudwatchApplicationInsightsServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy", - "ComprehendDataAccessRolePolicy": "arn:aws:iam::aws:policy/service-role/ComprehendDataAccessRolePolicy", - "ComprehendFullAccess": "arn:aws:iam::aws:policy/ComprehendFullAccess", - "ComprehendMedicalFullAccess": "arn:aws:iam::aws:policy/ComprehendMedicalFullAccess", - "ComprehendReadOnly": "arn:aws:iam::aws:policy/ComprehendReadOnly", - "ComputeOptimizerAutomationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ComputeOptimizerAutomationServiceRolePolicy", - "ComputeOptimizerReadOnlyAccess": "arn:aws:iam::aws:policy/ComputeOptimizerReadOnlyAccess", - "ComputeOptimizerServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ComputeOptimizerServiceRolePolicy", - "ConfigConformsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy", - "ConsoleFullAccessFromVercel": "arn:aws:iam::aws:policy/ConsoleFullAccessFromVercel", - "ConsoleViewOnlyAccessFromVercel": "arn:aws:iam::aws:policy/ConsoleViewOnlyAccessFromVercel", - "CostOptimizationHubAdminAccess": "arn:aws:iam::aws:policy/CostOptimizationHubAdminAccess", - "CostOptimizationHubReadOnlyAccess": "arn:aws:iam::aws:policy/CostOptimizationHubReadOnlyAccess", - "CostOptimizationHubServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CostOptimizationHubServiceRolePolicy", - "CustomerProfilesServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/CustomerProfilesServiceLinkedRolePolicy", - "DAXServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/DAXServiceRolePolicy", - "DBModDiscoveryAndAssessment": "arn:aws:iam::aws:policy/DBModDiscoveryAndAssessment", - "DBModProvisioningAndMigration": "arn:aws:iam::aws:policy/DBModProvisioningAndMigration", - "DataScientist": "arn:aws:iam::aws:policy/job-function/DataScientist", - "DatabaseAdministrator": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator", - "DeclarativePoliciesEC2Report": "arn:aws:iam::aws:policy/aws-service-role/DeclarativePoliciesEC2Report", - "DynamoDBCloudWatchContributorInsightsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBCloudWatchContributorInsightsServiceRolePolicy", - "DynamoDBGlobalTableSettingsManagementServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBGlobalTableSettingsManagementServiceRolePolicy", - "DynamoDBKinesisReplicationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy", - "DynamoDBReplicationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy", - "EC2ApplicationStatusChecksServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/EC2ApplicationStatusChecksServiceRolePolicy", - "EC2FastLaunchFullAccess": "arn:aws:iam::aws:policy/EC2FastLaunchFullAccess", - "EC2FastLaunchServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/EC2FastLaunchServiceRolePolicy", - "EC2FleetTimeShiftableServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/EC2FleetTimeShiftableServiceRolePolicy", - "EC2ImageBuilderLifecycleExecutionPolicy": "arn:aws:iam::aws:policy/service-role/EC2ImageBuilderLifecycleExecutionPolicy", - "EC2InstanceConnect": "arn:aws:iam::aws:policy/EC2InstanceConnect", - "EC2InstanceProfileForImageBuilder": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder", - "EC2InstanceProfileForImageBuilderECRContainerBuilds": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds", - "ECRReplicationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy", - "ECRTemplateServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ECRTemplateServiceRolePolicy", - "EMRDescribeClusterPolicyForEMRWAL": "arn:aws:iam::aws:policy/aws-service-role/EMRDescribeClusterPolicyForEMRWAL", - "Ec2ImageBuilderCrossAccountDistributionAccess": "arn:aws:iam::aws:policy/Ec2ImageBuilderCrossAccountDistributionAccess", - "Ec2InstanceConnectEndpoint": "arn:aws:iam::aws:policy/aws-service-role/Ec2InstanceConnectEndpoint", - "ElastiCacheServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", - "ElasticLoadBalancingFullAccess": "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess", - "ElasticLoadBalancingReadOnly": "arn:aws:iam::aws:policy/ElasticLoadBalancingReadOnly", - "ElementalActivationsDownloadSoftwareAccess": "arn:aws:iam::aws:policy/ElementalActivationsDownloadSoftwareAccess", - "ElementalActivationsFullAccess": "arn:aws:iam::aws:policy/ElementalActivationsFullAccess", - "ElementalActivationsGenerateLicenses": "arn:aws:iam::aws:policy/ElementalActivationsGenerateLicenses", - "ElementalActivationsReadOnlyAccess": "arn:aws:iam::aws:policy/ElementalActivationsReadOnlyAccess", - "ElementalAppliancesSoftwareFullAccess": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareFullAccess", - "ElementalAppliancesSoftwareReadOnlyAccess": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareReadOnlyAccess", - "ElementalSupportCenterFullAccess": "arn:aws:iam::aws:policy/ElementalSupportCenterFullAccess", - "FMSServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/FMSServiceRolePolicy", - "FSxDeleteServiceLinkedRoleAccess": "arn:aws:iam::aws:policy/aws-service-role/FSxDeleteServiceLinkedRoleAccess", - "GameLiftContainerFleetPolicy": "arn:aws:iam::aws:policy/GameLiftContainerFleetPolicy", - "GameLiftGameServerGroupPolicy": "arn:aws:iam::aws:policy/GameLiftGameServerGroupPolicy", - "GitLabDuoWithAmazonQPermissionsPolicy": "arn:aws:iam::aws:policy/GitLabDuoWithAmazonQPermissionsPolicy", - "GlobalAcceleratorFullAccess": "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess", - "GlobalAcceleratorReadOnlyAccess": "arn:aws:iam::aws:policy/GlobalAcceleratorReadOnlyAccess", - "GreengrassOTAUpdateArtifactAccess": "arn:aws:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess", - "Health_OrganizationsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/Health_OrganizationsServiceRolePolicy", - "IAMAccessAdvisorReadOnly": "arn:aws:iam::aws:policy/IAMAccessAdvisorReadOnly", - "IAMAccessAnalyzerFullAccess": "arn:aws:iam::aws:policy/IAMAccessAnalyzerFullAccess", - "IAMAccessAnalyzerReadOnlyAccess": "arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess", - "IAMAuditRootUserCredentials": "arn:aws:iam::aws:policy/root-task/IAMAuditRootUserCredentials", - "IAMCreateRootUserPassword": "arn:aws:iam::aws:policy/root-task/IAMCreateRootUserPassword", - "IAMDeleteRootUserCredentials": "arn:aws:iam::aws:policy/root-task/IAMDeleteRootUserCredentials", - "IAMFullAccess": "arn:aws:iam::aws:policy/IAMFullAccess", - "IAMReadOnlyAccess": "arn:aws:iam::aws:policy/IAMReadOnlyAccess", - "IAMSelfManageServiceSpecificCredentials": "arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials", - "IAMUserChangePassword": "arn:aws:iam::aws:policy/IAMUserChangePassword", - "IAMUserSSHKeys": "arn:aws:iam::aws:policy/IAMUserSSHKeys", - "IVSFullAccess": "arn:aws:iam::aws:policy/IVSFullAccess", - "IVSReadOnlyAccess": "arn:aws:iam::aws:policy/IVSReadOnlyAccess", - "IVSRecordToS3": "arn:aws:iam::aws:policy/aws-service-role/IVSRecordToS3", - "IsengardControllerPolicy": "arn:aws:iam::aws:policy/aws-service-role/IsengardControllerPolicy", - "KafkaConnectServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/KafkaConnectServiceRolePolicy", - "KafkaServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/KafkaServiceRolePolicy", - "KeyspacesCDCServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/KeyspacesCDCServiceRolePolicy", - "KeyspacesReplicationServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/KeyspacesReplicationServiceRolePolicy", - "LakeFormationDataAccessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy", - "LexBotPolicy": "arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy", - "LexChannelPolicy": "arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy", - "LightsailExportAccess": "arn:aws:iam::aws:policy/aws-service-role/LightsailExportAccess", - "MediaConnectGatewayInstanceRolePolicy": "arn:aws:iam::aws:policy/MediaConnectGatewayInstanceRolePolicy", - "MediaPackageServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/MediaPackageServiceRolePolicy", - "MemoryDBServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/MemoryDBServiceRolePolicy", - "MigrationHubDMSAccessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubDMSAccessServiceRolePolicy", - "MigrationHubSMSAccessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubSMSAccessServiceRolePolicy", - "MigrationHubServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubServiceRolePolicy", - "MonitronServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/MonitronServiceRolePolicy", - "MultiPartyApprovalFullAccess": "arn:aws:iam::aws:policy/MultiPartyApprovalFullAccess", - "MultiPartyApprovalReadOnlyAccess": "arn:aws:iam::aws:policy/MultiPartyApprovalReadOnlyAccess", - "NeptuneConsoleFullAccess": "arn:aws:iam::aws:policy/NeptuneConsoleFullAccess", - "NeptuneFullAccess": "arn:aws:iam::aws:policy/NeptuneFullAccess", - "NeptuneGraphReadOnlyAccess": "arn:aws:iam::aws:policy/NeptuneGraphReadOnlyAccess", - "NeptuneReadOnlyAccess": "arn:aws:iam::aws:policy/NeptuneReadOnlyAccess", - "NetworkAdministrator": "arn:aws:iam::aws:policy/job-function/NetworkAdministrator", - "NetworkSecurityDirectorServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/NetworkSecurityDirectorServiceLinkedRolePolicy", - "NovaActServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/NovaActServiceRolePolicy", - "OAMFullAccess": "arn:aws:iam::aws:policy/OAMFullAccess", - "OAMReadOnlyAccess": "arn:aws:iam::aws:policy/OAMReadOnlyAccess", - "OpensearchIngestionSelfManagedVpcePolicy": "arn:aws:iam::aws:policy/aws-service-role/OpensearchIngestionSelfManagedVpcePolicy", - "PartnerCentralAccountManagementUserRoleAssociation": "arn:aws:iam::aws:policy/PartnerCentralAccountManagementUserRoleAssociation", - "PartnerCentralIncentiveBenefitManagement": "arn:aws:iam::aws:policy/PartnerCentralIncentiveBenefitManagement", - "PowerUserAccess": "arn:aws:iam::aws:policy/PowerUserAccess", - "QAppsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/QAppsServiceRolePolicy", - "QBusinessQuicksightPluginPolicy": "arn:aws:iam::aws:policy/QBusinessQuicksightPluginPolicy", - "QBusinessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/QBusinessServiceRolePolicy", - "QuickSightAccessForS3StorageManagementAnalyticsReadOnly": "arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly", - "RDSCloudHsmAuthorizationRole": "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole", - "ROSAAmazonEBSCSIDriverOperatorPolicy": "arn:aws:iam::aws:policy/service-role/ROSAAmazonEBSCSIDriverOperatorPolicy", - "ROSACloudNetworkConfigOperatorPolicy": "arn:aws:iam::aws:policy/service-role/ROSACloudNetworkConfigOperatorPolicy", - "ROSAControlPlaneOperatorPolicy": "arn:aws:iam::aws:policy/service-role/ROSAControlPlaneOperatorPolicy", - "ROSAImageRegistryOperatorPolicy": "arn:aws:iam::aws:policy/service-role/ROSAImageRegistryOperatorPolicy", - "ROSAIngressOperatorPolicy": "arn:aws:iam::aws:policy/service-role/ROSAIngressOperatorPolicy", - "ROSAInstallerPolicy": "arn:aws:iam::aws:policy/service-role/ROSAInstallerPolicy", - "ROSAKMSProviderPolicy": "arn:aws:iam::aws:policy/service-role/ROSAKMSProviderPolicy", - "ROSAKubeControllerPolicy": "arn:aws:iam::aws:policy/service-role/ROSAKubeControllerPolicy", - "ROSAManageSubscription": "arn:aws:iam::aws:policy/ROSAManageSubscription", - "ROSANodePoolManagementPolicy": "arn:aws:iam::aws:policy/service-role/ROSANodePoolManagementPolicy", - "ROSASRESupportPolicy": "arn:aws:iam::aws:policy/service-role/ROSASRESupportPolicy", - "ROSASharedVPCEndpointPolicy": "arn:aws:iam::aws:policy/ROSASharedVPCEndpointPolicy", - "ROSASharedVPCRoute53Policy": "arn:aws:iam::aws:policy/ROSASharedVPCRoute53Policy", - "ROSAWorkerInstancePolicy": "arn:aws:iam::aws:policy/service-role/ROSAWorkerInstancePolicy", - "RTBFabricServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/RTBFabricServiceRolePolicy", - "ReadOnlyAccess": "arn:aws:iam::aws:policy/ReadOnlyAccess", - "ResourceGroupsServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ResourceGroupsServiceRolePolicy", - "ResourceGroupsTaggingAPITagUntagSupportedResources": "arn:aws:iam::aws:policy/ResourceGroupsTaggingAPITagUntagSupportedResources", - "ResourceGroupsandTagEditorFullAccess": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess", - "ResourceGroupsandTagEditorReadOnlyAccess": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess", - "Route53RecoveryReadinessServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/Route53RecoveryReadinessServiceRolePolicy", - "Route53ResolverServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy", - "S3StorageLensServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/S3StorageLensServiceRolePolicy", - "S3UnlockBucketPolicy": "arn:aws:iam::aws:policy/root-task/S3UnlockBucketPolicy", - "SMSVoiceServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/SMSVoiceServiceRolePolicy", - "SQSUnlockQueuePolicy": "arn:aws:iam::aws:policy/root-task/SQSUnlockQueuePolicy", - "SSMQuickSetupRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/SSMQuickSetupRolePolicy", - "SageMakerStudioAdminIAMConsolePolicy": "arn:aws:iam::aws:policy/SageMakerStudioAdminIAMConsolePolicy", - "SageMakerStudioAdminIAMDefaultExecutionPolicy": "arn:aws:iam::aws:policy/SageMakerStudioAdminIAMDefaultExecutionPolicy", - "SageMakerStudioAdminIAMPermissiveExecutionPolicy": "arn:aws:iam::aws:policy/SageMakerStudioAdminIAMPermissiveExecutionPolicy", - "SageMakerStudioAdminProjectUserRolePolicy": "arn:aws:iam::aws:policy/SageMakerStudioAdminProjectUserRolePolicy", - "SageMakerStudioBedrockAgentServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockAgentServiceRolePolicy", - "SageMakerStudioBedrockChatAgentUserRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockChatAgentUserRolePolicy", - "SageMakerStudioBedrockEvaluationJobServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockEvaluationJobServiceRolePolicy", - "SageMakerStudioBedrockFlowServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockFlowServiceRolePolicy", - "SageMakerStudioBedrockFunctionExecutionRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockFunctionExecutionRolePolicy", - "SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy", - "SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy", - "SageMakerStudioBedrockPromptUserRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockPromptUserRolePolicy", - "SageMakerStudioDomainExecutionRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioDomainExecutionRolePolicy", - "SageMakerStudioDomainServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioDomainServiceRolePolicy", - "SageMakerStudioEMRContainersSystemNamespaceRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRContainersSystemNamespaceRolePolicy", - "SageMakerStudioEMRInstanceRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRInstanceRolePolicy", - "SageMakerStudioEMRServiceRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRServiceRolePolicy", - "SageMakerStudioFullAccess": "arn:aws:iam::aws:policy/SageMakerStudioFullAccess", - "SageMakerStudioProjectProvisioningRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioProjectProvisioningRolePolicy", - "SageMakerStudioProjectRoleMachineLearningPolicy": "arn:aws:iam::aws:policy/SageMakerStudioProjectRoleMachineLearningPolicy", - "SageMakerStudioProjectUserRolePermissionsBoundary": "arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePermissionsBoundary", - "SageMakerStudioProjectUserRolePolicy": "arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePolicy", - "SageMakerStudioQueryExecutionRolePolicy": "arn:aws:iam::aws:policy/service-role/SageMakerStudioQueryExecutionRolePolicy", - "SageMakerStudioUserIAMConsolePolicy": "arn:aws:iam::aws:policy/SageMakerStudioUserIAMConsolePolicy", - "SageMakerStudioUserIAMDefaultExecutionPolicy": "arn:aws:iam::aws:policy/SageMakerStudioUserIAMDefaultExecutionPolicy", - "SageMakerStudioUserIAMPermissiveExecutionPolicy": "arn:aws:iam::aws:policy/SageMakerStudioUserIAMPermissiveExecutionPolicy", - "SecretsManagerReadWrite": "arn:aws:iam::aws:policy/SecretsManagerReadWrite", - "SecurityAgentWebAppAPIPolicy": "arn:aws:iam::aws:policy/service-role/SecurityAgentWebAppAPIPolicy", - "SecurityAgentWebAppPolicy": "arn:aws:iam::aws:policy/SecurityAgentWebAppPolicy", - "SecurityAudit": "arn:aws:iam::aws:policy/SecurityAudit", - "SecurityLakeResourceManagementServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/SecurityLakeResourceManagementServiceRolePolicy", - "SecurityLakeServiceLinkedRole": "arn:aws:iam::aws:policy/aws-service-role/SecurityLakeServiceLinkedRole", - "ServerMigrationConnector": "arn:aws:iam::aws:policy/ServerMigrationConnector", - "ServerMigrationServiceConsoleFullAccess": "arn:aws:iam::aws:policy/ServerMigrationServiceConsoleFullAccess", - "ServerMigrationServiceLaunchRole": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceLaunchRole", - "ServerMigrationServiceRoleForInstanceValidation": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRoleForInstanceValidation", - "ServiceQuotasFullAccess": "arn:aws:iam::aws:policy/ServiceQuotasFullAccess", - "ServiceQuotasReadOnlyAccess": "arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess", - "ServiceQuotasServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy", - "SignInLocalDevelopmentAccess": "arn:aws:iam::aws:policy/SignInLocalDevelopmentAccess", - "SimpleWorkflowFullAccess": "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess", - "SplitCostAllocationDataServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/SplitCostAllocationDataServiceRolePolicy", - "SupportUser": "arn:aws:iam::aws:policy/job-function/SupportUser", - "SystemAdministrator": "arn:aws:iam::aws:policy/job-function/SystemAdministrator", - "TranslateFullAccess": "arn:aws:iam::aws:policy/TranslateFullAccess", - "TranslateReadOnly": "arn:aws:iam::aws:policy/TranslateReadOnly", - "VMImportExportRoleForAWSConnector": "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector", - "VPCLatticeFullAccess": "arn:aws:iam::aws:policy/VPCLatticeFullAccess", - "VPCLatticeReadOnlyAccess": "arn:aws:iam::aws:policy/VPCLatticeReadOnlyAccess", - "VPCLatticeServicesInvokeAccess": "arn:aws:iam::aws:policy/VPCLatticeServicesInvokeAccess", - "ViewOnlyAccess": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess", - "WAFLoggingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/WAFLoggingServiceRolePolicy", - "WAFRegionalLoggingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/WAFRegionalLoggingServiceRolePolicy", - "WAFV2LoggingServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/WAFV2LoggingServiceRolePolicy", - "WellArchitectedConsoleFullAccess": "arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess", - "WellArchitectedConsoleReadOnlyAccess": "arn:aws:iam::aws:policy/WellArchitectedConsoleReadOnlyAccess", - "WorkLinkServiceRolePolicy": "arn:aws:iam::aws:policy/WorkLinkServiceRolePolicy" -} diff --git a/src/cfnlint/data/schemas/other/resources/configuration.json b/src/cfnlint/data/schemas/other/resources/configuration.json index d87fcdb524..6f56caec44 100644 --- a/src/cfnlint/data/schemas/other/resources/configuration.json +++ b/src/cfnlint/data/schemas/other/resources/configuration.json @@ -29,6 +29,21 @@ "Condition": { "type": "string" }, + "Connectors": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "Properties": { + "type": "object" + } + }, + "required": [ + "Properties" + ], + "type": "object" + }, + "type": "object" + }, "CreationPolicy": { "type": "object" }, @@ -42,6 +57,22 @@ "array" ] }, + "IgnoreGlobals": { + "anyOf": [ + { + "enum": [ + "*" + ], + "type": "string" + }, + { + "items": { + "type": "string" + }, + "type": "array" + } + ] + }, "Metadata": {}, "Properties": {}, "Type": { diff --git a/src/cfnlint/data/Serverless/__init__.py b/src/cfnlint/data/schemas/other/sam/__init__.py similarity index 100% rename from src/cfnlint/data/Serverless/__init__.py rename to src/cfnlint/data/schemas/other/sam/__init__.py diff --git a/src/cfnlint/data/schemas/other/sam/globals.json b/src/cfnlint/data/schemas/other/sam/globals.json new file mode 100644 index 0000000000..26007c2fdb --- /dev/null +++ b/src/cfnlint/data/schemas/other/sam/globals.json @@ -0,0 +1,280 @@ +{ + "additionalProperties": false, + "properties": { + "Api": { + "additionalProperties": false, + "properties": { + "AccessLogSetting": {}, + "AlwaysDeploy": { + "type": "boolean" + }, + "Auth": {}, + "BinaryMediaTypes": {}, + "CacheClusterEnabled": { + "type": "boolean" + }, + "CacheClusterSize": { + "type": "string" + }, + "CanarySetting": {}, + "Cors": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "DefinitionUri": {}, + "Domain": {}, + "EndpointConfiguration": {}, + "GatewayResponses": { + "type": "object" + }, + "MergeDefinitions": { + "type": "boolean" + }, + "MethodSettings": {}, + "MinimumCompressionSize": { + "type": "number" + }, + "Name": { + "type": "string" + }, + "OpenApiVersion": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + } + ] + }, + "PropagateTags": { + "type": "boolean" + }, + "SecurityPolicy": { + "type": "string" + }, + "TracingEnabled": { + "type": "boolean" + }, + "Variables": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "CapacityProvider": { + "additionalProperties": false, + "properties": { + "InstanceRequirements": {}, + "KmsKeyArn": { + "type": "string" + }, + "OperatorRole": {}, + "PropagateTags": { + "type": "boolean" + }, + "ScalingConfig": {}, + "Tags": { + "type": "object" + }, + "VpcConfig": {} + }, + "type": "object" + }, + "Function": { + "additionalProperties": false, + "properties": { + "Architectures": { + "items": { + "type": "string" + }, + "type": "array" + }, + "AssumeRolePolicyDocument": { + "type": "object" + }, + "AutoPublishAlias": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "CapacityProviderConfig": {}, + "CodeUri": { + "type": "string" + }, + "DeadLetterQueue": { + "type": "object" + }, + "DeploymentPreference": {}, + "Description": {}, + "DurableConfig": {}, + "Environment": {}, + "EphemeralStorage": {}, + "EventInvokeConfig": {}, + "FunctionScalingConfig": {}, + "Handler": { + "type": "string" + }, + "KmsKeyArn": {}, + "Layers": {}, + "LoggingConfig": {}, + "MemorySize": {}, + "PermissionsBoundary": { + "type": "string" + }, + "PropagateTags": { + "type": "boolean" + }, + "ProvisionedConcurrencyConfig": {}, + "PublishToLatestPublished": { + "type": "boolean" + }, + "RecursiveLoop": { + "type": "string" + }, + "ReservedConcurrentExecutions": {}, + "RolePath": { + "type": "string" + }, + "Runtime": { + "type": "string" + }, + "RuntimeManagementConfig": {}, + "SnapStart": {}, + "SourceKMSKeyArn": { + "type": "string" + }, + "Tags": { + "type": "object" + }, + "TenancyConfig": {}, + "Timeout": {}, + "Tracing": { + "anyOf": [ + { + "type": "object" + }, + { + "enum": [ + "Active", + "PassThrough", + "Disabled" + ], + "type": "string" + } + ] + }, + "VersionDeletionPolicy": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + }, + { + "type": "boolean" + } + ] + }, + "VpcConfig": {} + }, + "type": "object" + }, + "HttpApi": { + "additionalProperties": false, + "properties": { + "AccessLogSettings": {}, + "Auth": {}, + "CorsConfiguration": {}, + "DefaultRouteSettings": {}, + "Domain": {}, + "FailOnWarnings": {}, + "PropagateTags": { + "type": "boolean" + }, + "RouteSettings": {}, + "StageVariables": {}, + "Tags": { + "type": "object" + } + }, + "type": "object" + }, + "LayerVersion": { + "additionalProperties": false, + "properties": { + "PublishLambdaVersion": { + "type": "boolean" + } + }, + "type": "object" + }, + "SimpleTable": { + "additionalProperties": false, + "properties": { + "SSESpecification": {} + }, + "type": "object" + }, + "StateMachine": { + "additionalProperties": false, + "properties": { + "PropagateTags": { + "type": "boolean" + } + }, + "type": "object" + }, + "WebSocketApi": { + "additionalProperties": false, + "properties": { + "AccessLogSettings": {}, + "ApiKeySelectionExpression": { + "type": "string" + }, + "DefaultRouteSettings": {}, + "DisableExecuteApiEndpoint": { + "type": "boolean" + }, + "DisableSchemaValidation": { + "type": "boolean" + }, + "Domain": {}, + "IpAddressType": { + "type": "string" + }, + "PropagateTags": { + "type": "boolean" + }, + "RouteSelectionExpression": { + "type": "string" + }, + "RouteSettings": {}, + "StageVariables": {}, + "Tags": { + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/src/cfnlint/data/schemas/other/template/configuration.json b/src/cfnlint/data/schemas/other/template/configuration.json index afc9203b28..640e206c4a 100644 --- a/src/cfnlint/data/schemas/other/template/configuration.json +++ b/src/cfnlint/data/schemas/other/template/configuration.json @@ -14,6 +14,9 @@ "type": "object" }, "Description": {}, + "Globals": { + "type": "object" + }, "Mappings": {}, "Metadata": {}, "Outputs": {}, diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_api/__init__.py b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_api/__init__.py new file mode 100644 index 0000000000..e58049dc73 --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_api/__init__.py @@ -0,0 +1,4 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_api/passthrough.json b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_api/passthrough.json new file mode 100644 index 0000000000..9df4ae0338 --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_api/passthrough.json @@ -0,0 +1,84 @@ +[ + { + "op": "replace", + "path": "/definitions/UsagePlan/properties/Description", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/UsagePlan/properties/Quota", + "value": { + "additionalProperties": false, + "properties": { + "Limit": { + "minimum": 0, + "type": "integer" + }, + "Offset": { + "minimum": 0, + "type": "integer" + }, + "Period": { + "type": "string" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/UsagePlan/properties/Tags", + "value": { + "insertionOrder": false, + "items": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Value", + "Key" + ], + "type": "object" + }, + "type": "array", + "uniqueItems": false + } + }, + { + "op": "replace", + "path": "/definitions/UsagePlan/properties/Throttle", + "value": { + "additionalProperties": false, + "properties": { + "BurstLimit": { + "minimum": 0, + "type": "integer" + }, + "RateLimit": { + "minimum": 0, + "type": "number" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/UsagePlan/properties/UsagePlanName", + "value": { + "type": "string" + } + } +] diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_function/__init__.py b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_function/__init__.py new file mode 100644 index 0000000000..e58049dc73 --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_function/__init__.py @@ -0,0 +1,4 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_function/manual.json b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_function/manual.json new file mode 100644 index 0000000000..4286837a0d --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_function/manual.json @@ -0,0 +1,14 @@ +[ + { + "op": "add", + "path": "/definitions/EventBridgeRuleEventProperties/properties/State", + "value": { + "enum": [ + "DISABLED", + "ENABLED", + "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" + ], + "type": "string" + } + } +] diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_function/passthrough.json b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_function/passthrough.json new file mode 100644 index 0000000000..26f0d5a950 --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_function/passthrough.json @@ -0,0 +1,1654 @@ +[ + { + "op": "replace", + "path": "/definitions/CloudWatchEventProperties/properties/EventBusName", + "value": { + "maxLength": 1600, + "minLength": 1, + "pattern": "^(arn:aws[\\w-]*:events:[a-z]{2}-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[/\\.\\-_A-Za-z0-9]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/CloudWatchEventProperties/properties/Pattern", + "value": { + "type": [ + "string", + "object" + ] + } + }, + { + "op": "replace", + "path": "/definitions/CloudWatchEventProperties/properties/State", + "value": { + "enum": [ + "DISABLED", + "ENABLED", + "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" + ], + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/CloudWatchLogsEventProperties/properties/FilterPattern", + "value": { + "maxLength": 1024, + "minLength": 0, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/CloudWatchLogsEventProperties/properties/LogGroupName", + "value": { + "format": "AWS::Logs::LogGroup.Name", + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\.\\-_/#A-Za-z0-9]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/CognitoEventProperties/properties/Trigger", + "value": { + "additionalProperties": false, + "properties": { + "CreateAuthChallenge": { + "type": "string" + }, + "CustomEmailSender": { + "additionalProperties": false, + "properties": { + "LambdaArn": { + "format": "AWS::Lambda::Function.Arn", + "type": "string" + }, + "LambdaVersion": { + "type": "string" + } + }, + "type": "object" + }, + "CustomMessage": { + "type": "string" + }, + "CustomSMSSender": { + "additionalProperties": false, + "properties": { + "LambdaArn": { + "format": "AWS::Lambda::Function.Arn", + "type": "string" + }, + "LambdaVersion": { + "type": "string" + } + }, + "type": "object" + }, + "DefineAuthChallenge": { + "type": "string" + }, + "InboundFederation": { + "additionalProperties": false, + "properties": { + "LambdaArn": { + "format": "AWS::Lambda::Function.Arn", + "type": "string" + }, + "LambdaVersion": { + "type": "string" + } + }, + "type": "object" + }, + "KMSKeyID": { + "type": "string" + }, + "PostAuthentication": { + "type": "string" + }, + "PostConfirmation": { + "type": "string" + }, + "PreAuthentication": { + "type": "string" + }, + "PreSignUp": { + "type": "string" + }, + "PreTokenGeneration": { + "type": "string" + }, + "PreTokenGenerationConfig": { + "additionalProperties": false, + "properties": { + "LambdaArn": { + "format": "AWS::Lambda::Function.Arn", + "type": "string" + }, + "LambdaVersion": { + "type": "string" + } + }, + "type": "object" + }, + "UserMigration": { + "type": "string" + }, + "VerifyAuthChallengeResponse": { + "type": "string" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/DeadLetterConfig/properties/Arn", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/BatchSize", + "value": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/BisectBatchOnFunctionError", + "value": { + "type": "boolean" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/DestinationConfig", + "value": { + "additionalProperties": false, + "properties": { + "OnFailure": { + "additionalProperties": false, + "properties": { + "Destination": { + "maxLength": 1024, + "minLength": 12, + "pattern": "^$|kafka://([^.]([a-zA-Z0-9\\-_.]{0,248}))|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/Enabled", + "value": { + "type": "boolean" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/FilterCriteria", + "value": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/FunctionResponseTypes", + "value": { + "items": { + "enum": [ + "ReportBatchItemFailures" + ], + "type": "string" + }, + "maxItems": 1, + "maxLength": 1, + "minItems": 0, + "minLength": 0, + "type": "array", + "uniqueItems": true + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/MaximumBatchingWindowInSeconds", + "value": { + "maximum": 300, + "minimum": 0, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/MaximumRecordAgeInSeconds", + "value": { + "maximum": 604800, + "minimum": -1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/MaximumRetryAttempts", + "value": { + "maximum": 10000, + "minimum": -1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/ParallelizationFactor", + "value": { + "maximum": 10, + "minimum": 1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/StartingPosition", + "value": { + "maxLength": 12, + "minLength": 6, + "pattern": "(LATEST|TRIM_HORIZON|AT_TIMESTAMP)+", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/StartingPositionTimestamp", + "value": { + "type": "number" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/Stream", + "value": { + "maxLength": 1024, + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBEventProperties/properties/TumblingWindowInSeconds", + "value": { + "maximum": 900, + "minimum": 0, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/EventBridgeRuleEventProperties/properties/EventBusName", + "value": { + "maxLength": 1600, + "minLength": 1, + "pattern": "^(arn:aws[\\w-]*:events:[a-z]{2}-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[/\\.\\-_A-Za-z0-9]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/EventBridgeRuleEventProperties/properties/Pattern", + "value": { + "type": [ + "string", + "object" + ] + } + }, + { + "op": "replace", + "path": "/definitions/EventBridgeRuleEventProperties/properties/RuleName", + "value": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[\\.\\-_A-Za-z0-9]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/EventsScheduleProperties/properties/Description", + "value": { + "maxLength": 512, + "minLength": 0, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/EventsScheduleProperties/properties/Name", + "value": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[\\.\\-_A-Za-z0-9]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/EventsScheduleProperties/properties/Schedule", + "value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/EventsScheduleProperties/properties/State", + "value": { + "enum": [ + "DISABLED", + "ENABLED", + "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" + ], + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/FunctionUrlConfig/properties/Cors", + "value": { + "additionalProperties": false, + "properties": { + "AllowCredentials": { + "type": "boolean" + }, + "AllowHeaders": { + "insertionOrder": true, + "items": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "AllowMethods": { + "insertionOrder": true, + "items": { + "enum": [ + "GET", + "PUT", + "HEAD", + "POST", + "PATCH", + "DELETE", + "*" + ], + "maxLength": 6, + "minLength": 0, + "type": "string" + }, + "maxItems": 6, + "minItems": 1, + "type": "array" + }, + "AllowOrigins": { + "insertionOrder": true, + "items": { + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "ExposeHeaders": { + "insertionOrder": true, + "items": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "MaxAge": { + "maximum": 86400, + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/HttpApiEventProperties/properties/RouteSettings", + "value": { + "format": "json", + "type": [ + "object", + "string" + ] + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/BatchSize", + "value": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/BisectBatchOnFunctionError", + "value": { + "type": "boolean" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/DestinationConfig", + "value": { + "additionalProperties": false, + "properties": { + "OnFailure": { + "additionalProperties": false, + "properties": { + "Destination": { + "maxLength": 1024, + "minLength": 12, + "pattern": "^$|kafka://([^.]([a-zA-Z0-9\\-_.]{0,248}))|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/Enabled", + "value": { + "type": "boolean" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/FilterCriteria", + "value": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/FunctionResponseTypes", + "value": { + "items": { + "enum": [ + "ReportBatchItemFailures" + ], + "type": "string" + }, + "maxItems": 1, + "maxLength": 1, + "minItems": 0, + "minLength": 0, + "type": "array", + "uniqueItems": true + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/MaximumBatchingWindowInSeconds", + "value": { + "maximum": 300, + "minimum": 0, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/MaximumRecordAgeInSeconds", + "value": { + "maximum": 604800, + "minimum": -1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/MaximumRetryAttempts", + "value": { + "maximum": 10000, + "minimum": -1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/ParallelizationFactor", + "value": { + "maximum": 10, + "minimum": 1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/StartingPosition", + "value": { + "maxLength": 12, + "minLength": 6, + "pattern": "(LATEST|TRIM_HORIZON|AT_TIMESTAMP)+", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/StartingPositionTimestamp", + "value": { + "type": "number" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/Stream", + "value": { + "maxLength": 1024, + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/KinesisEventProperties/properties/TumblingWindowInSeconds", + "value": { + "maximum": 900, + "minimum": 0, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/MQEventProperties/properties/BatchSize", + "value": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/MQEventProperties/properties/Broker", + "value": { + "maxLength": 1024, + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/MQEventProperties/properties/Enabled", + "value": { + "type": "boolean" + } + }, + { + "op": "replace", + "path": "/definitions/MQEventProperties/properties/FilterCriteria", + "value": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/MQEventProperties/properties/MaximumBatchingWindowInSeconds", + "value": { + "maximum": 300, + "minimum": 0, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/MQEventProperties/properties/Queues", + "value": { + "items": { + "maxLength": 1000, + "minLength": 1, + "pattern": "[\\s\\S]*", + "type": "string" + }, + "maxItems": 1, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + { + "op": "replace", + "path": "/definitions/MQEventProperties/properties/SourceAccessConfigurations", + "value": { + "items": { + "additionalProperties": false, + "properties": { + "Type": { + "enum": [ + "BASIC_AUTH", + "VPC_SUBNET", + "VPC_SECURITY_GROUP", + "SASL_SCRAM_512_AUTH", + "SASL_SCRAM_256_AUTH", + "VIRTUAL_HOST", + "CLIENT_CERTIFICATE_TLS_AUTH", + "SERVER_ROOT_CA_CERTIFICATE" + ], + "type": "string" + }, + "URI": { + "maxLength": 200, + "minLength": 1, + "pattern": "[a-zA-Z0-9-\\/*:_+=.@-]*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 22, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/BisectBatchOnFunctionError", + "value": { + "type": "boolean" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/FilterCriteria", + "value": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/FunctionResponseTypes", + "value": { + "items": { + "enum": [ + "ReportBatchItemFailures" + ], + "type": "string" + }, + "maxItems": 1, + "maxLength": 1, + "minItems": 0, + "minLength": 0, + "type": "array", + "uniqueItems": true + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/KmsKeyArn", + "value": { + "format": "AWS::KMS::Key.Arn", + "maxLength": 2048, + "minLength": 12, + "pattern": "(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/LoggingConfig", + "value": { + "additionalProperties": false, + "properties": { + "SystemLogLevel": { + "enum": [ + "DEBUG", + "INFO", + "WARN" + ], + "type": "string" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/MaximumBatchingWindowInSeconds", + "value": { + "maximum": 300, + "minimum": 0, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/MaximumRecordAgeInSeconds", + "value": { + "maximum": 604800, + "minimum": -1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/MaximumRetryAttempts", + "value": { + "maximum": 10000, + "minimum": -1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/MetricsConfig", + "value": { + "additionalProperties": false, + "properties": { + "Metrics": { + "items": { + "enum": [ + "EventCount", + "ErrorCount", + "KafkaMetrics" + ], + "type": "string" + }, + "maxItems": 3, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/ProvisionedPollerConfig", + "value": { + "additionalProperties": false, + "properties": { + "MaximumPollers": { + "maximum": 2000, + "minimum": 1, + "type": "integer" + }, + "MinimumPollers": { + "maximum": 200, + "minimum": 1, + "type": "integer" + }, + "PollerGroupName": { + "maxLength": 128, + "minLength": 0, + "pattern": "^[a-zA-Z0-9-_]*$", + "type": "string" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/SchemaRegistryConfig", + "value": { + "additionalProperties": false, + "properties": { + "ConsumerGroupId": { + "maxLength": 200, + "minLength": 1, + "pattern": "[a-zA-Z0-9-\\/*:_+=.@-]*", + "type": "string" + }, + "SchemaRegistryConfig": { + "additionalProperties": false, + "properties": { + "AccessConfigs": { + "items": { + "additionalProperties": false, + "properties": { + "Type": { + "enum": [ + "BASIC_AUTH", + "CLIENT_CERTIFICATE_TLS_AUTH", + "SERVER_ROOT_CA_CERTIFICATE" + ], + "type": "string" + }, + "URI": { + "maxLength": 10000, + "minLength": 1, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "type": "array", + "uniqueItems": true + }, + "EventRecordFormat": { + "enum": [ + "JSON", + "SOURCE" + ], + "type": "string" + }, + "SchemaRegistryURI": { + "maxLength": 10000, + "minLength": 1, + "pattern": "[a-zA-Z0-9-/*:_+=.@-]*", + "type": "string" + }, + "SchemaValidationConfigs": { + "items": { + "additionalProperties": false, + "properties": { + "Attribute": { + "enum": [ + "KEY", + "VALUE" + ], + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/StartingPosition", + "value": { + "maxLength": 12, + "minLength": 6, + "pattern": "(LATEST|TRIM_HORIZON|AT_TIMESTAMP)+", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/StartingPositionTimestamp", + "value": { + "type": "number" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/Stream", + "value": { + "maxLength": 1024, + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/MSKEventProperties/properties/Topics", + "value": { + "items": { + "maxLength": 249, + "minLength": 1, + "pattern": "^[^.]([a-zA-Z0-9\\-_.]+)", + "type": "string" + }, + "maxItems": 1, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + { + "op": "replace", + "path": "/definitions/SNSEventProperties/properties/FilterPolicy", + "value": { + "type": [ + "object", + "string" + ] + } + }, + { + "op": "replace", + "path": "/definitions/SNSEventProperties/properties/Region", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/SNSEventProperties/properties/Topic", + "value": { + "format": "AWS::SNS::Topic.Arn", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/SQSEventProperties/properties/BatchSize", + "value": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/SQSEventProperties/properties/Enabled", + "value": { + "type": "boolean" + } + }, + { + "op": "replace", + "path": "/definitions/SQSEventProperties/properties/FilterCriteria", + "value": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/SQSEventProperties/properties/FunctionResponseTypes", + "value": { + "items": { + "enum": [ + "ReportBatchItemFailures" + ], + "type": "string" + }, + "maxItems": 1, + "maxLength": 1, + "minItems": 0, + "minLength": 0, + "type": "array", + "uniqueItems": true + } + }, + { + "op": "replace", + "path": "/definitions/SQSEventProperties/properties/KmsKeyArn", + "value": { + "format": "AWS::KMS::Key.Arn", + "maxLength": 2048, + "minLength": 12, + "pattern": "(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/SQSEventProperties/properties/MaximumBatchingWindowInSeconds", + "value": { + "maximum": 300, + "minimum": 0, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/SQSEventProperties/properties/Queue", + "value": { + "maxLength": 1024, + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/Description", + "value": { + "maxLength": 512, + "minLength": 0, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/EndDate", + "value": { + "format": "date-time", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/FlexibleTimeWindow", + "value": { + "additionalProperties": false, + "properties": { + "MaximumWindowInMinutes": { + "maximum": 1440, + "minimum": 1, + "type": "number" + }, + "Mode": { + "enum": [ + "OFF", + "FLEXIBLE" + ], + "type": "string" + } + }, + "required": [ + "Mode" + ], + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/GroupName", + "value": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[0-9a-zA-Z-_.]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/KmsKeyArn", + "value": { + "format": "AWS::KMS::Key.Arn", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws[a-z-]*:kms:[a-z0-9\\-]+:\\d{12}:(key|alias)\\/[0-9a-zA-Z-_]*$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/Name", + "value": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[0-9a-zA-Z-_.]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/PermissionsBoundary", + "value": { + "maxLength": 2048, + "minLength": 20, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/ScheduleExpression", + "value": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/ScheduleExpressionTimezone", + "value": { + "maxLength": 50, + "minLength": 1, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/StartDate", + "value": { + "format": "date-time", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/State", + "value": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/BatchSize", + "value": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/BisectBatchOnFunctionError", + "value": { + "type": "boolean" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/Enabled", + "value": { + "type": "boolean" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/FilterCriteria", + "value": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/FunctionResponseTypes", + "value": { + "items": { + "enum": [ + "ReportBatchItemFailures" + ], + "type": "string" + }, + "maxItems": 1, + "maxLength": 1, + "minItems": 0, + "minLength": 0, + "type": "array", + "uniqueItems": true + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/LoggingConfig", + "value": { + "additionalProperties": false, + "properties": { + "SystemLogLevel": { + "enum": [ + "DEBUG", + "INFO", + "WARN" + ], + "type": "string" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/MaximumRecordAgeInSeconds", + "value": { + "maximum": 604800, + "minimum": -1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/MaximumRetryAttempts", + "value": { + "maximum": 10000, + "minimum": -1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/MetricsConfig", + "value": { + "additionalProperties": false, + "properties": { + "Metrics": { + "items": { + "enum": [ + "EventCount", + "ErrorCount", + "KafkaMetrics" + ], + "type": "string" + }, + "maxItems": 3, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/ProvisionedPollerConfig", + "value": { + "additionalProperties": false, + "properties": { + "MaximumPollers": { + "maximum": 2000, + "minimum": 1, + "type": "integer" + }, + "MinimumPollers": { + "maximum": 200, + "minimum": 1, + "type": "integer" + }, + "PollerGroupName": { + "maxLength": 128, + "minLength": 0, + "pattern": "^[a-zA-Z0-9-_]*$", + "type": "string" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/SchemaRegistryConfig", + "value": { + "additionalProperties": false, + "properties": { + "ConsumerGroupId": { + "maxLength": 200, + "minLength": 1, + "pattern": "[a-zA-Z0-9-\\/*:_+=.@-]*", + "type": "string" + }, + "SchemaRegistryConfig": { + "additionalProperties": false, + "properties": { + "AccessConfigs": { + "items": { + "additionalProperties": false, + "properties": { + "Type": { + "enum": [ + "BASIC_AUTH", + "CLIENT_CERTIFICATE_TLS_AUTH", + "SERVER_ROOT_CA_CERTIFICATE" + ], + "type": "string" + }, + "URI": { + "maxLength": 10000, + "minLength": 1, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "type": "array", + "uniqueItems": true + }, + "EventRecordFormat": { + "enum": [ + "JSON", + "SOURCE" + ], + "type": "string" + }, + "SchemaRegistryURI": { + "maxLength": 10000, + "minLength": 1, + "pattern": "[a-zA-Z0-9-/*:_+=.@-]*", + "type": "string" + }, + "SchemaValidationConfigs": { + "items": { + "additionalProperties": false, + "properties": { + "Attribute": { + "enum": [ + "KEY", + "VALUE" + ], + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/StartingPosition", + "value": { + "maxLength": 12, + "minLength": 6, + "pattern": "(LATEST|TRIM_HORIZON|AT_TIMESTAMP)+", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/StartingPositionTimestamp", + "value": { + "type": "number" + } + }, + { + "op": "replace", + "path": "/definitions/SelfManagedKafkaEventProperties/properties/Topics", + "value": { + "items": { + "maxLength": 249, + "minLength": 1, + "pattern": "^[^.]([a-zA-Z0-9\\-_.]+)", + "type": "string" + }, + "maxItems": 1, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + { + "op": "replace", + "path": "/properties/KmsKeyArn", + "value": { + "format": "AWS::KMS::Key.Arn", + "pattern": "^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/Layers", + "value": { + "items": { + "minLength": 1, + "pattern": "^arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\\d{12}:layer:[a-zA-Z0-9-_]+:[0-9]+$", + "type": "string" + }, + "maxItems": 5, + "type": "array", + "uniqueItems": false + } + }, + { + "op": "replace", + "path": "/properties/MemorySize", + "value": { + "maximum": 32768, + "minimum": 128, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/properties/PackageType", + "value": { + "enum": [ + "Image", + "Zip" + ], + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/ReservedConcurrentExecutions", + "value": { + "minimum": 0, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/properties/SnapStart", + "value": { + "additionalProperties": false, + "properties": { + "ApplyOn": { + "enum": [ + "PublishedVersions", + "None" + ], + "type": "string" + } + }, + "required": [ + "ApplyOn" + ], + "type": "object" + } + }, + { + "op": "replace", + "path": "/properties/Timeout", + "value": { + "maximum": 900, + "minimum": 1, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/properties/VersionDescription", + "value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/VpcConfig", + "value": { + "additionalProperties": false, + "properties": { + "Ipv6AllowedForDualStack": { + "type": "boolean" + }, + "SecurityGroupIds": { + "format": "AWS::EC2::SecurityGroup.Ids", + "items": { + "format": "AWS::EC2::SecurityGroup.Id", + "type": "string" + }, + "maxItems": 5, + "minItems": 0, + "type": "array", + "uniqueItems": false + }, + "SubnetIds": { + "items": { + "type": "string" + }, + "maxItems": 16, + "minItems": 0, + "type": "array", + "uniqueItems": false + } + }, + "type": "object" + } + } +] diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_graphqlapi/__init__.py b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_graphqlapi/__init__.py new file mode 100644 index 0000000000..e58049dc73 --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_graphqlapi/__init__.py @@ -0,0 +1,4 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_graphqlapi/passthrough.json b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_graphqlapi/passthrough.json new file mode 100644 index 0000000000..7df8bd5711 --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_graphqlapi/passthrough.json @@ -0,0 +1,142 @@ +[ + { + "op": "replace", + "path": "/definitions/ApiKey/properties/ApiKeyId", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ApiKey/properties/Description", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ApiKey/properties/ExpiresOn", + "value": { + "type": "number" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBDataSource/properties/Description", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBDataSource/properties/Name", + "value": { + "maxLength": 65536, + "minLength": 1, + "pattern": "^[_A-Za-z][_0-9A-Za-z]*$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/DynamoDBDataSource/properties/ServiceRoleArn", + "value": { + "format": "AWS::IAM::Role.Arn", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/Function/properties/CodeUri", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/Function/properties/Description", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/Function/properties/InlineCode", + "value": { + "maxLength": 32768, + "minLength": 1, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/LambdaDataSource/properties/Description", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/LambdaDataSource/properties/Name", + "value": { + "maxLength": 65536, + "minLength": 1, + "pattern": "^[_A-Za-z][_0-9A-Za-z]*$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/LambdaDataSource/properties/ServiceRoleArn", + "value": { + "format": "AWS::IAM::Role.Arn", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/Resolver/properties/CodeUri", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/Resolver/properties/InlineCode", + "value": { + "maxLength": 32768, + "minLength": 1, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/Resolver/properties/MaxBatchSize", + "value": { + "maximum": 2000, + "minimum": 0, + "type": "integer" + } + }, + { + "op": "replace", + "path": "/properties/Name", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/SchemaInline", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/SchemaUri", + "value": { + "type": "string" + } + } +] diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_httpapi/__init__.py b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_httpapi/__init__.py new file mode 100644 index 0000000000..e58049dc73 --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_httpapi/__init__.py @@ -0,0 +1,4 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_httpapi/passthrough.json b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_httpapi/passthrough.json new file mode 100644 index 0000000000..b6a1532a4c --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_httpapi/passthrough.json @@ -0,0 +1,102 @@ +[ + { + "op": "replace", + "path": "/definitions/Domain/properties/DomainName", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/Domain/properties/MutualTlsAuthentication", + "value": { + "additionalProperties": false, + "properties": { + "TruststoreUri": { + "type": "string" + }, + "TruststoreVersion": { + "type": "string" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/Domain/properties/OwnershipVerificationCertificateArn", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/Domain/properties/SecurityPolicy", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/AccessLogSettings", + "value": { + "additionalProperties": false, + "properties": { + "DestinationArn": { + "type": "string" + }, + "Format": { + "type": "string" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/properties/DefaultRouteSettings", + "value": { + "format": "json", + "type": [ + "object", + "string" + ] + } + }, + { + "op": "replace", + "path": "/properties/FailOnWarnings", + "value": { + "type": "boolean" + } + }, + { + "op": "replace", + "path": "/properties/RouteSettings", + "value": { + "format": "json", + "type": [ + "object", + "string" + ] + } + }, + { + "op": "replace", + "path": "/properties/StageName", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/StageVariables", + "value": { + "format": "json", + "type": [ + "object", + "string" + ] + } + } +] diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_statemachine/__init__.py b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_statemachine/__init__.py new file mode 100644 index 0000000000..e58049dc73 --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_statemachine/__init__.py @@ -0,0 +1,4 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_statemachine/manual.json b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_statemachine/manual.json new file mode 100644 index 0000000000..4286837a0d --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_statemachine/manual.json @@ -0,0 +1,14 @@ +[ + { + "op": "add", + "path": "/definitions/EventBridgeRuleEventProperties/properties/State", + "value": { + "enum": [ + "DISABLED", + "ENABLED", + "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" + ], + "type": "string" + } + } +] diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_statemachine/passthrough.json b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_statemachine/passthrough.json new file mode 100644 index 0000000000..1b256aa66d --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_statemachine/passthrough.json @@ -0,0 +1,315 @@ +[ + { + "op": "replace", + "path": "/definitions/CloudWatchEventProperties/properties/EventBusName", + "value": { + "maxLength": 1600, + "minLength": 1, + "pattern": "^(arn:aws[\\w-]*:events:[a-z]{2}-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[/\\.\\-_A-Za-z0-9]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/CloudWatchEventProperties/properties/Pattern", + "value": { + "type": [ + "string", + "object" + ] + } + }, + { + "op": "replace", + "path": "/definitions/DeadLetterConfig/properties/Arn", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/EventBridgeRuleEventProperties/properties/EventBusName", + "value": { + "maxLength": 1600, + "minLength": 1, + "pattern": "^(arn:aws[\\w-]*:events:[a-z]{2}-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[/\\.\\-_A-Za-z0-9]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/EventBridgeRuleEventProperties/properties/Pattern", + "value": { + "type": [ + "string", + "object" + ] + } + }, + { + "op": "replace", + "path": "/definitions/EventBridgeRuleEventProperties/properties/RuleName", + "value": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[\\.\\-_A-Za-z0-9]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleEventProperties/properties/Description", + "value": { + "maxLength": 512, + "minLength": 0, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleEventProperties/properties/Name", + "value": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[\\.\\-_A-Za-z0-9]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleEventProperties/properties/Schedule", + "value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleEventProperties/properties/State", + "value": { + "enum": [ + "DISABLED", + "ENABLED", + "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" + ], + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/Description", + "value": { + "maxLength": 512, + "minLength": 0, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/EndDate", + "value": { + "format": "date-time", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/FlexibleTimeWindow", + "value": { + "additionalProperties": false, + "properties": { + "MaximumWindowInMinutes": { + "maximum": 1440, + "minimum": 1, + "type": "number" + }, + "Mode": { + "enum": [ + "OFF", + "FLEXIBLE" + ], + "type": "string" + } + }, + "required": [ + "Mode" + ], + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/GroupName", + "value": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[0-9a-zA-Z-_.]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/KmsKeyArn", + "value": { + "format": "AWS::KMS::Key.Arn", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws[a-z-]*:kms:[a-z0-9\\-]+:\\d{12}:(key|alias)\\/[0-9a-zA-Z-_]*$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/Name", + "value": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[0-9a-zA-Z-_.]+$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/PermissionsBoundary", + "value": { + "maxLength": 2048, + "minLength": 20, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/ScheduleExpression", + "value": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/ScheduleExpressionTimezone", + "value": { + "maxLength": 50, + "minLength": 1, + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/StartDate", + "value": { + "format": "date-time", + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/ScheduleV2EventProperties/properties/State", + "value": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/Logging", + "value": { + "additionalProperties": false, + "properties": { + "Destinations": { + "insertionOrder": false, + "items": { + "additionalProperties": false, + "properties": { + "CloudWatchLogsLogGroup": { + "additionalProperties": false, + "properties": { + "LogGroupArn": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "IncludeExecutionData": { + "type": "boolean" + }, + "Level": { + "enum": [ + "ALL", + "ERROR", + "FATAL", + "OFF" + ], + "type": "string" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/properties/Name", + "value": { + "maxLength": 80, + "minLength": 1, + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/PermissionsBoundary", + "value": { + "maxLength": 2048, + "minLength": 20, + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/RolePath", + "value": { + "default": "/", + "maxLength": 512, + "minLength": 1, + "pattern": "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$", + "type": "string" + } + }, + { + "op": "replace", + "path": "/properties/Tracing", + "value": { + "additionalProperties": false, + "properties": { + "Enabled": { + "type": "boolean" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/properties/Type", + "value": { + "enum": [ + "STANDARD", + "EXPRESS" + ], + "type": "string" + } + } +] diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_websocketapi/__init__.py b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_websocketapi/__init__.py new file mode 100644 index 0000000000..e58049dc73 --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_websocketapi/__init__.py @@ -0,0 +1,4 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" diff --git a/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_websocketapi/passthrough.json b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_websocketapi/passthrough.json new file mode 100644 index 0000000000..1685414e24 --- /dev/null +++ b/src/cfnlint/data/schemas/patches/extensions/all/aws_serverless_websocketapi/passthrough.json @@ -0,0 +1,39 @@ +[ + { + "op": "replace", + "path": "/definitions/Domain/properties/DomainName", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/Domain/properties/MutualTlsAuthentication", + "value": { + "additionalProperties": false, + "properties": { + "TruststoreUri": { + "type": "string" + }, + "TruststoreVersion": { + "type": "string" + } + }, + "type": "object" + } + }, + { + "op": "replace", + "path": "/definitions/Domain/properties/OwnershipVerificationCertificateArn", + "value": { + "type": "string" + } + }, + { + "op": "replace", + "path": "/definitions/Domain/properties/SecurityPolicy", + "value": { + "type": "string" + } + } +] diff --git a/src/cfnlint/data/schemas/providers/af_south_1.py b/src/cfnlint/data/schemas/providers/af_south_1.py index ed72882a1a..711503174b 100644 --- a/src/cfnlint/data/schemas/providers/af_south_1.py +++ b/src/cfnlint/data/schemas/providers/af_south_1.py @@ -926,6 +926,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_east_1.py b/src/cfnlint/data/schemas/providers/ap_east_1.py index a632bc27a2..37be85c01d 100644 --- a/src/cfnlint/data/schemas/providers/ap_east_1.py +++ b/src/cfnlint/data/schemas/providers/ap_east_1.py @@ -610,7 +610,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -885,6 +884,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_east_2.py b/src/cfnlint/data/schemas/providers/ap_east_2.py index 775c47e8cb..5a6de230f4 100644 --- a/src/cfnlint/data/schemas/providers/ap_east_2.py +++ b/src/cfnlint/data/schemas/providers/ap_east_2.py @@ -429,7 +429,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "a522dea7b00f4aff", "AWS::Lambda::EventSourceMapping": "219d21653259058c", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -630,6 +629,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceDiscovery::HttpNamespace": "986cb51cac464fe8", "AWS::ServiceDiscovery::Instance": "b4227e1dfa14a394", "AWS::ServiceDiscovery::PrivateDnsNamespace": "d78a2213969ef282", diff --git a/src/cfnlint/data/schemas/providers/ap_northeast_1.py b/src/cfnlint/data/schemas/providers/ap_northeast_1.py index 5ada0fa3aa..60e44a49c2 100644 --- a/src/cfnlint/data/schemas/providers/ap_northeast_1.py +++ b/src/cfnlint/data/schemas/providers/ap_northeast_1.py @@ -873,7 +873,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1360,6 +1359,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_northeast_2.py b/src/cfnlint/data/schemas/providers/ap_northeast_2.py index fe34e5370f..7789e73e9a 100644 --- a/src/cfnlint/data/schemas/providers/ap_northeast_2.py +++ b/src/cfnlint/data/schemas/providers/ap_northeast_2.py @@ -823,7 +823,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "a522dea7b00f4aff", "AWS::Lambda::EventSourceMapping": "219d21653259058c", @@ -1280,6 +1279,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_northeast_3.py b/src/cfnlint/data/schemas/providers/ap_northeast_3.py index 226780312c..e6c6b34ebc 100644 --- a/src/cfnlint/data/schemas/providers/ap_northeast_3.py +++ b/src/cfnlint/data/schemas/providers/ap_northeast_3.py @@ -591,7 +591,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "219d21653259058c", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -952,6 +951,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_south_1.py b/src/cfnlint/data/schemas/providers/ap_south_1.py index bfbff8e5ba..23ecd551b2 100644 --- a/src/cfnlint/data/schemas/providers/ap_south_1.py +++ b/src/cfnlint/data/schemas/providers/ap_south_1.py @@ -814,7 +814,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "219d21653259058c", @@ -1275,6 +1274,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_south_2.py b/src/cfnlint/data/schemas/providers/ap_south_2.py index 35e50fdbaa..0e621c5d99 100644 --- a/src/cfnlint/data/schemas/providers/ap_south_2.py +++ b/src/cfnlint/data/schemas/providers/ap_south_2.py @@ -508,7 +508,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -795,6 +794,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_southeast_1.py b/src/cfnlint/data/schemas/providers/ap_southeast_1.py index 968a58d8c4..3ea634c6dc 100644 --- a/src/cfnlint/data/schemas/providers/ap_southeast_1.py +++ b/src/cfnlint/data/schemas/providers/ap_southeast_1.py @@ -842,7 +842,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "219d21653259058c", @@ -1332,6 +1331,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_southeast_2.py b/src/cfnlint/data/schemas/providers/ap_southeast_2.py index 8f6c64c4b9..14d72782f8 100644 --- a/src/cfnlint/data/schemas/providers/ap_southeast_2.py +++ b/src/cfnlint/data/schemas/providers/ap_southeast_2.py @@ -875,7 +875,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "219d21653259058c", @@ -1356,6 +1355,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_southeast_3.py b/src/cfnlint/data/schemas/providers/ap_southeast_3.py index b4e9e46f8f..df625e7970 100644 --- a/src/cfnlint/data/schemas/providers/ap_southeast_3.py +++ b/src/cfnlint/data/schemas/providers/ap_southeast_3.py @@ -530,7 +530,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "a522dea7b00f4aff", "AWS::Lambda::EventSourceMapping": "219d21653259058c", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -826,6 +825,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_southeast_4.py b/src/cfnlint/data/schemas/providers/ap_southeast_4.py index 70fb8d67f8..14ba478aa6 100644 --- a/src/cfnlint/data/schemas/providers/ap_southeast_4.py +++ b/src/cfnlint/data/schemas/providers/ap_southeast_4.py @@ -494,7 +494,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "a522dea7b00f4aff", "AWS::Lambda::EventSourceMapping": "219d21653259058c", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -750,6 +749,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ap_southeast_5.py b/src/cfnlint/data/schemas/providers/ap_southeast_5.py index adc50a9ee0..9b8561e99b 100644 --- a/src/cfnlint/data/schemas/providers/ap_southeast_5.py +++ b/src/cfnlint/data/schemas/providers/ap_southeast_5.py @@ -534,7 +534,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "a522dea7b00f4aff", "AWS::Lambda::EventSourceMapping": "219d21653259058c", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -819,6 +818,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceDiscovery::HttpNamespace": "986cb51cac464fe8", "AWS::ServiceDiscovery::Instance": "b4227e1dfa14a394", "AWS::ServiceDiscovery::PrivateDnsNamespace": "d78a2213969ef282", diff --git a/src/cfnlint/data/schemas/providers/ap_southeast_6.py b/src/cfnlint/data/schemas/providers/ap_southeast_6.py index 2814c6a55a..a4dabc6ee0 100644 --- a/src/cfnlint/data/schemas/providers/ap_southeast_6.py +++ b/src/cfnlint/data/schemas/providers/ap_southeast_6.py @@ -601,6 +601,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "858169f3fac12276", "AWS::ServiceCatalog::CloudFormationProduct": "919d5af45f96cda5", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "0fde3518e86d66c8", diff --git a/src/cfnlint/data/schemas/providers/ap_southeast_7.py b/src/cfnlint/data/schemas/providers/ap_southeast_7.py index 52b5a90d8c..b17e819974 100644 --- a/src/cfnlint/data/schemas/providers/ap_southeast_7.py +++ b/src/cfnlint/data/schemas/providers/ap_southeast_7.py @@ -491,7 +491,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "a522dea7b00f4aff", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -705,6 +704,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceDiscovery::HttpNamespace": "986cb51cac464fe8", "AWS::ServiceDiscovery::Instance": "b4227e1dfa14a394", "AWS::ServiceDiscovery::PrivateDnsNamespace": "d78a2213969ef282", diff --git a/src/cfnlint/data/schemas/providers/ca_central_1.py b/src/cfnlint/data/schemas/providers/ca_central_1.py index 09175e4ca5..33cd37ce35 100644 --- a/src/cfnlint/data/schemas/providers/ca_central_1.py +++ b/src/cfnlint/data/schemas/providers/ca_central_1.py @@ -773,7 +773,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "219d21653259058c", @@ -1224,6 +1223,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/ca_west_1.py b/src/cfnlint/data/schemas/providers/ca_west_1.py index bf813a2915..6c88d51202 100644 --- a/src/cfnlint/data/schemas/providers/ca_west_1.py +++ b/src/cfnlint/data/schemas/providers/ca_west_1.py @@ -474,7 +474,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "a522dea7b00f4aff", "AWS::Lambda::EventSourceMapping": "219d21653259058c", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -723,6 +722,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "858169f3fac12276", "AWS::ServiceCatalog::CloudFormationProduct": "919d5af45f96cda5", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "0fde3518e86d66c8", diff --git a/src/cfnlint/data/schemas/providers/cn_north_1.py b/src/cfnlint/data/schemas/providers/cn_north_1.py index 5a904fe02b..00792abf29 100644 --- a/src/cfnlint/data/schemas/providers/cn_north_1.py +++ b/src/cfnlint/data/schemas/providers/cn_north_1.py @@ -728,6 +728,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/cn_northwest_1.py b/src/cfnlint/data/schemas/providers/cn_northwest_1.py index a1a5a628a6..8da008c857 100644 --- a/src/cfnlint/data/schemas/providers/cn_northwest_1.py +++ b/src/cfnlint/data/schemas/providers/cn_northwest_1.py @@ -684,6 +684,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/eu_central_1.py b/src/cfnlint/data/schemas/providers/eu_central_1.py index 5d140b47e5..bc5a4fbc0d 100644 --- a/src/cfnlint/data/schemas/providers/eu_central_1.py +++ b/src/cfnlint/data/schemas/providers/eu_central_1.py @@ -886,7 +886,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "219d21653259058c", @@ -1385,6 +1384,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/eu_central_2.py b/src/cfnlint/data/schemas/providers/eu_central_2.py index d0ead93004..19024366bb 100644 --- a/src/cfnlint/data/schemas/providers/eu_central_2.py +++ b/src/cfnlint/data/schemas/providers/eu_central_2.py @@ -537,7 +537,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "a522dea7b00f4aff", "AWS::Lambda::EventSourceMapping": "219d21653259058c", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -817,6 +816,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/eu_isoe_west_1.py b/src/cfnlint/data/schemas/providers/eu_isoe_west_1.py index f452a82d4b..bdb5b720d1 100644 --- a/src/cfnlint/data/schemas/providers/eu_isoe_west_1.py +++ b/src/cfnlint/data/schemas/providers/eu_isoe_west_1.py @@ -920,7 +920,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1453,6 +1452,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/eu_north_1.py b/src/cfnlint/data/schemas/providers/eu_north_1.py index 9535eda28c..eed6f473d8 100644 --- a/src/cfnlint/data/schemas/providers/eu_north_1.py +++ b/src/cfnlint/data/schemas/providers/eu_north_1.py @@ -687,7 +687,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "219d21653259058c", @@ -1108,6 +1107,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/eu_south_1.py b/src/cfnlint/data/schemas/providers/eu_south_1.py index f43b78bd6e..484458be1a 100644 --- a/src/cfnlint/data/schemas/providers/eu_south_1.py +++ b/src/cfnlint/data/schemas/providers/eu_south_1.py @@ -924,6 +924,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/eu_south_2.py b/src/cfnlint/data/schemas/providers/eu_south_2.py index 90d6bccfcd..f8863cb45c 100644 --- a/src/cfnlint/data/schemas/providers/eu_south_2.py +++ b/src/cfnlint/data/schemas/providers/eu_south_2.py @@ -578,7 +578,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -859,6 +858,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/eu_west_1.py b/src/cfnlint/data/schemas/providers/eu_west_1.py index bc035242d3..8d8d9557bc 100644 --- a/src/cfnlint/data/schemas/providers/eu_west_1.py +++ b/src/cfnlint/data/schemas/providers/eu_west_1.py @@ -850,7 +850,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1364,6 +1363,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/eu_west_2.py b/src/cfnlint/data/schemas/providers/eu_west_2.py index e0549c2f4b..c9a2c5bedf 100644 --- a/src/cfnlint/data/schemas/providers/eu_west_2.py +++ b/src/cfnlint/data/schemas/providers/eu_west_2.py @@ -820,7 +820,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "219d21653259058c", @@ -1288,6 +1287,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/eu_west_3.py b/src/cfnlint/data/schemas/providers/eu_west_3.py index b2c69f5111..7bff5cf27f 100644 --- a/src/cfnlint/data/schemas/providers/eu_west_3.py +++ b/src/cfnlint/data/schemas/providers/eu_west_3.py @@ -691,7 +691,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "219d21653259058c", @@ -1104,6 +1103,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/eusc_de_east_1.py b/src/cfnlint/data/schemas/providers/eusc_de_east_1.py index f452a82d4b..bdb5b720d1 100644 --- a/src/cfnlint/data/schemas/providers/eusc_de_east_1.py +++ b/src/cfnlint/data/schemas/providers/eusc_de_east_1.py @@ -920,7 +920,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1453,6 +1452,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/il_central_1.py b/src/cfnlint/data/schemas/providers/il_central_1.py index eeff6029bf..3bc04e3aac 100644 --- a/src/cfnlint/data/schemas/providers/il_central_1.py +++ b/src/cfnlint/data/schemas/providers/il_central_1.py @@ -546,7 +546,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "a522dea7b00f4aff", "AWS::Lambda::EventSourceMapping": "a41f377eeb371ca4", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -823,6 +822,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/me_central_1.py b/src/cfnlint/data/schemas/providers/me_central_1.py index c38171f2ae..aac69741a3 100644 --- a/src/cfnlint/data/schemas/providers/me_central_1.py +++ b/src/cfnlint/data/schemas/providers/me_central_1.py @@ -802,6 +802,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/me_south_1.py b/src/cfnlint/data/schemas/providers/me_south_1.py index 21b519bb57..eab72b2bd3 100644 --- a/src/cfnlint/data/schemas/providers/me_south_1.py +++ b/src/cfnlint/data/schemas/providers/me_south_1.py @@ -839,6 +839,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/mx_central_1.py b/src/cfnlint/data/schemas/providers/mx_central_1.py index 421361fcaa..7fbc9fcba6 100644 --- a/src/cfnlint/data/schemas/providers/mx_central_1.py +++ b/src/cfnlint/data/schemas/providers/mx_central_1.py @@ -457,7 +457,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::EventInvokeConfig": "a522dea7b00f4aff", "AWS::Lambda::EventSourceMapping": "219d21653259058c", "AWS::Lambda::Function": "40189dea7ef4e99d", @@ -659,6 +658,17 @@ "AWS::SecurityHub::ProductSubscription": "a6a7b09a786ba544", "AWS::SecurityHub::SecurityControl": "062ab72de4bbcd1d", "AWS::SecurityHub::Standard": "a9a57a7527f5aff5", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceDiscovery::HttpNamespace": "986cb51cac464fe8", "AWS::ServiceDiscovery::Instance": "b4227e1dfa14a394", "AWS::ServiceDiscovery::PrivateDnsNamespace": "d78a2213969ef282", diff --git a/src/cfnlint/data/schemas/providers/sa_east_1.py b/src/cfnlint/data/schemas/providers/sa_east_1.py index 1ca6bb1826..4cba2840d7 100644 --- a/src/cfnlint/data/schemas/providers/sa_east_1.py +++ b/src/cfnlint/data/schemas/providers/sa_east_1.py @@ -697,7 +697,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1106,6 +1105,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_east_1.py b/src/cfnlint/data/schemas/providers/us_east_1.py index f452a82d4b..bdb5b720d1 100644 --- a/src/cfnlint/data/schemas/providers/us_east_1.py +++ b/src/cfnlint/data/schemas/providers/us_east_1.py @@ -920,7 +920,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1453,6 +1452,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_east_2.py b/src/cfnlint/data/schemas/providers/us_east_2.py index 189b15c38f..d3401f159d 100644 --- a/src/cfnlint/data/schemas/providers/us_east_2.py +++ b/src/cfnlint/data/schemas/providers/us_east_2.py @@ -808,7 +808,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1261,6 +1260,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_gov_east_1.py b/src/cfnlint/data/schemas/providers/us_gov_east_1.py index 17cec1f535..07708fa9ef 100644 --- a/src/cfnlint/data/schemas/providers/us_gov_east_1.py +++ b/src/cfnlint/data/schemas/providers/us_gov_east_1.py @@ -796,6 +796,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_gov_west_1.py b/src/cfnlint/data/schemas/providers/us_gov_west_1.py index c68af8f822..faf3635c2e 100644 --- a/src/cfnlint/data/schemas/providers/us_gov_west_1.py +++ b/src/cfnlint/data/schemas/providers/us_gov_west_1.py @@ -911,6 +911,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "77373a56c0c4bd28", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_iso_east_1.py b/src/cfnlint/data/schemas/providers/us_iso_east_1.py index f452a82d4b..bdb5b720d1 100644 --- a/src/cfnlint/data/schemas/providers/us_iso_east_1.py +++ b/src/cfnlint/data/schemas/providers/us_iso_east_1.py @@ -920,7 +920,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1453,6 +1452,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_iso_west_1.py b/src/cfnlint/data/schemas/providers/us_iso_west_1.py index f452a82d4b..bdb5b720d1 100644 --- a/src/cfnlint/data/schemas/providers/us_iso_west_1.py +++ b/src/cfnlint/data/schemas/providers/us_iso_west_1.py @@ -920,7 +920,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1453,6 +1452,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_isob_east_1.py b/src/cfnlint/data/schemas/providers/us_isob_east_1.py index f452a82d4b..bdb5b720d1 100644 --- a/src/cfnlint/data/schemas/providers/us_isob_east_1.py +++ b/src/cfnlint/data/schemas/providers/us_isob_east_1.py @@ -920,7 +920,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1453,6 +1452,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_isob_west_1.py b/src/cfnlint/data/schemas/providers/us_isob_west_1.py index f452a82d4b..bdb5b720d1 100644 --- a/src/cfnlint/data/schemas/providers/us_isob_west_1.py +++ b/src/cfnlint/data/schemas/providers/us_isob_west_1.py @@ -920,7 +920,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1453,6 +1452,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_isof_east_1.py b/src/cfnlint/data/schemas/providers/us_isof_east_1.py index f452a82d4b..bdb5b720d1 100644 --- a/src/cfnlint/data/schemas/providers/us_isof_east_1.py +++ b/src/cfnlint/data/schemas/providers/us_isof_east_1.py @@ -920,7 +920,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1453,6 +1452,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_isof_south_1.py b/src/cfnlint/data/schemas/providers/us_isof_south_1.py index f452a82d4b..bdb5b720d1 100644 --- a/src/cfnlint/data/schemas/providers/us_isof_south_1.py +++ b/src/cfnlint/data/schemas/providers/us_isof_south_1.py @@ -920,7 +920,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1453,6 +1452,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "82ec23f1319b9a9e", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_west_1.py b/src/cfnlint/data/schemas/providers/us_west_1.py index c680011948..4b24ce500e 100644 --- a/src/cfnlint/data/schemas/providers/us_west_1.py +++ b/src/cfnlint/data/schemas/providers/us_west_1.py @@ -653,7 +653,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "219d21653259058c", @@ -1022,6 +1021,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/providers/us_west_2.py b/src/cfnlint/data/schemas/providers/us_west_2.py index 7c07b53342..3b53cae870 100644 --- a/src/cfnlint/data/schemas/providers/us_west_2.py +++ b/src/cfnlint/data/schemas/providers/us_west_2.py @@ -910,7 +910,6 @@ "AWS::LakeFormation::Tag": "e6965562c3f7e5bb", "AWS::LakeFormation::TagAssociation": "22d7f7ee98ca2b17", "AWS::Lambda::Alias": "9c55b8fdda504271", - "AWS::Lambda::CapacityProvider": "538eaeb7bcbd86eb", "AWS::Lambda::CodeSigningConfig": "078214085a4c3669", "AWS::Lambda::EventInvokeConfig": "c92ee73f58db6eaa", "AWS::Lambda::EventSourceMapping": "5dbf5e2d0596ddb3", @@ -1427,6 +1426,17 @@ "AWS::SecurityLake::DataLake": "3b4f02ea01647d04", "AWS::SecurityLake::Subscriber": "d19c32e17f36619f", "AWS::SecurityLake::SubscriberNotification": "ef5a3a84d2557a3e", + "AWS::Serverless::Api": "e6affacebe8b0c55", + "AWS::Serverless::Application": "f7ac4b0ebba84f8b", + "AWS::Serverless::CapacityProvider": "9642a84515d09fb5", + "AWS::Serverless::Connector": "4bdbe0eeeeb859e5", + "AWS::Serverless::Function": "554cec6192159770", + "AWS::Serverless::GraphQLApi": "2d654013ac11af44", + "AWS::Serverless::HttpApi": "9aebe136ff9b8f6d", + "AWS::Serverless::LayerVersion": "e6e17ee142ff4fb5", + "AWS::Serverless::SimpleTable": "318018ba3be5fbfc", + "AWS::Serverless::StateMachine": "cbe043b60e78821e", + "AWS::Serverless::WebSocketApi": "81e13008dbf1beb7", "AWS::ServiceCatalog::AcceptedPortfolioShare": "aabf5162cee03316", "AWS::ServiceCatalog::CloudFormationProduct": "662186534ff8e643", "AWS::ServiceCatalog::CloudFormationProvisionedProduct": "448a377417beb2e5", diff --git a/src/cfnlint/data/schemas/resources/2d654013ac11af44.json b/src/cfnlint/data/schemas/resources/2d654013ac11af44.json new file mode 100644 index 0000000000..ab1ee1d51a --- /dev/null +++ b/src/cfnlint/data/schemas/resources/2d654013ac11af44.json @@ -0,0 +1,649 @@ +{ + "additionalProperties": false, + "definitions": { + "ApiKey": { + "additionalProperties": false, + "properties": { + "ApiKeyId": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "ExpiresOn": { + "type": "number" + } + }, + "type": "object" + }, + "Auth": { + "additionalProperties": false, + "properties": { + "Additional": { + "items": { + "$ref": "#/definitions/Authorizer" + }, + "type": "array" + }, + "LambdaAuthorizer": { + "$ref": "#/definitions/LambdaAuthorizerConfig" + }, + "OpenIDConnect": { + "$ref": "#/definitions/OpenIDConnectConfig" + }, + "Type": { + "enum": [ + "AWS_IAM", + "API_KEY", + "AWS_LAMBDA", + "OPENID_CONNECT", + "AMAZON_COGNITO_USER_POOLS" + ], + "type": "string" + }, + "UserPool": { + "$ref": "#/definitions/UserPoolConfig" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "Authorizer": { + "additionalProperties": false, + "properties": { + "LambdaAuthorizer": { + "$ref": "#/definitions/LambdaAuthorizerConfig" + }, + "OpenIDConnect": { + "$ref": "#/definitions/OpenIDConnectConfig" + }, + "Type": { + "enum": [ + "AWS_IAM", + "API_KEY", + "AWS_LAMBDA", + "OPENID_CONNECT", + "AMAZON_COGNITO_USER_POOLS" + ], + "type": "string" + }, + "UserPool": { + "$ref": "#/definitions/UserPoolConfig" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "Cache": { + "additionalProperties": false, + "properties": { + "ApiCachingBehavior": { + "$ref": "#/definitions/PassThroughProp" + }, + "AtRestEncryptionEnabled": { + "$ref": "#/definitions/PassThroughProp" + }, + "TransitEncryptionEnabled": { + "$ref": "#/definitions/PassThroughProp" + }, + "Ttl": { + "$ref": "#/definitions/PassThroughProp" + }, + "Type": { + "$ref": "#/definitions/PassThroughProp" + } + }, + "required": [ + "ApiCachingBehavior", + "Ttl", + "Type" + ], + "type": "object" + }, + "Caching": { + "additionalProperties": false, + "properties": { + "CachingKeys": { + "items": { + "$ref": "#/definitions/PassThroughProp" + }, + "type": "array" + }, + "Ttl": { + "$ref": "#/definitions/PassThroughProp" + } + }, + "required": [ + "Ttl" + ], + "type": "object" + }, + "DataSources": { + "additionalProperties": false, + "properties": { + "DynamoDb": { + "additionalProperties": { + "$ref": "#/definitions/DynamoDBDataSource" + }, + "type": "object" + }, + "Lambda": { + "additionalProperties": { + "$ref": "#/definitions/LambdaDataSource" + }, + "type": "object" + } + }, + "type": "object" + }, + "DeltaSync": { + "additionalProperties": false, + "properties": { + "BaseTableTTL": { + "$ref": "#/definitions/PassThroughProp" + }, + "DeltaSyncTableName": { + "$ref": "#/definitions/PassThroughProp" + }, + "DeltaSyncTableTTL": { + "$ref": "#/definitions/PassThroughProp" + } + }, + "required": [ + "BaseTableTTL", + "DeltaSyncTableName", + "DeltaSyncTableTTL" + ], + "type": "object" + }, + "DomainName": { + "additionalProperties": false, + "properties": { + "CertificateArn": { + "$ref": "#/definitions/PassThroughProp" + }, + "Description": { + "$ref": "#/definitions/PassThroughProp" + }, + "DomainName": { + "$ref": "#/definitions/PassThroughProp" + } + }, + "required": [ + "CertificateArn", + "DomainName" + ], + "type": "object" + }, + "DynamoDBDataSource": { + "additionalProperties": false, + "properties": { + "DeltaSync": { + "allOf": [ + { + "$ref": "#/definitions/DeltaSync" + } + ] + }, + "Description": { + "type": "string" + }, + "Name": { + "maxLength": 65536, + "minLength": 1, + "pattern": "^[_A-Za-z][_0-9A-Za-z]*$", + "type": "string" + }, + "Permissions": { + "items": { + "enum": [ + "Read", + "Write" + ], + "type": "string" + }, + "type": "array" + }, + "Region": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "ServiceRoleArn": { + "format": "AWS::IAM::Role.Arn", + "type": "string" + }, + "TableArn": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "TableName": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "UseCallerCredentials": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Versioned": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "TableName" + ], + "type": "object" + }, + "Function": { + "additionalProperties": false, + "properties": { + "CodeUri": { + "type": "string" + }, + "DataSource": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Description": { + "type": "string" + }, + "Id": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "InlineCode": { + "maxLength": 32768, + "minLength": 1, + "type": "string" + }, + "MaxBatchSize": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Name": { + "type": "string" + }, + "Runtime": { + "allOf": [ + { + "$ref": "#/definitions/Runtime" + } + ] + }, + "Sync": { + "allOf": [ + { + "$ref": "#/definitions/Sync" + } + ] + } + }, + "type": "object" + }, + "LambdaAuthorizerConfig": { + "additionalProperties": false, + "properties": { + "AuthorizerResultTtlInSeconds": { + "$ref": "#/definitions/PassThroughProp" + }, + "AuthorizerUri": { + "$ref": "#/definitions/PassThroughProp" + }, + "IdentityValidationExpression": { + "$ref": "#/definitions/PassThroughProp" + } + }, + "required": [ + "AuthorizerUri" + ], + "type": "object" + }, + "LambdaConflictHandlerConfig": { + "additionalProperties": false, + "properties": { + "LambdaConflictHandlerArn": { + "$ref": "#/definitions/PassThroughProp" + } + }, + "required": [ + "LambdaConflictHandlerArn" + ], + "type": "object" + }, + "LambdaDataSource": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "FunctionArn": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Name": { + "maxLength": 65536, + "minLength": 1, + "pattern": "^[_A-Za-z][_0-9A-Za-z]*$", + "type": "string" + }, + "ServiceRoleArn": { + "format": "AWS::IAM::Role.Arn", + "type": "string" + } + }, + "required": [ + "FunctionArn" + ], + "type": "object" + }, + "Logging": { + "additionalProperties": false, + "properties": { + "CloudWatchLogsRoleArn": { + "$ref": "#/definitions/PassThroughProp" + }, + "ExcludeVerboseContent": { + "$ref": "#/definitions/PassThroughProp" + }, + "FieldLogLevel": { + "$ref": "#/definitions/PassThroughProp" + } + }, + "type": "object" + }, + "OpenIDConnectConfig": { + "additionalProperties": false, + "properties": { + "AuthTTL": { + "$ref": "#/definitions/PassThroughProp" + }, + "ClientId": { + "$ref": "#/definitions/PassThroughProp" + }, + "IatTTL": { + "$ref": "#/definitions/PassThroughProp" + }, + "Issuer": { + "$ref": "#/definitions/PassThroughProp" + } + }, + "type": "object" + }, + "PassThroughProp": {}, + "Resolver": { + "additionalProperties": false, + "properties": { + "Caching": { + "allOf": [ + { + "$ref": "#/definitions/Caching" + } + ] + }, + "CodeUri": { + "type": "string" + }, + "FieldName": { + "type": "string" + }, + "InlineCode": { + "maxLength": 32768, + "minLength": 1, + "type": "string" + }, + "MaxBatchSize": { + "maximum": 2000, + "minimum": 0, + "type": "integer" + }, + "Pipeline": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Runtime": { + "allOf": [ + { + "$ref": "#/definitions/Runtime" + } + ] + }, + "Sync": { + "allOf": [ + { + "$ref": "#/definitions/Sync" + } + ] + } + }, + "type": "object" + }, + "Runtime": { + "additionalProperties": false, + "properties": { + "Name": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Version": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "Name", + "Version" + ], + "type": "object" + }, + "Sync": { + "additionalProperties": false, + "properties": { + "ConflictDetection": { + "$ref": "#/definitions/PassThroughProp" + }, + "ConflictHandler": { + "$ref": "#/definitions/PassThroughProp" + }, + "LambdaConflictHandlerConfig": { + "$ref": "#/definitions/LambdaConflictHandlerConfig" + } + }, + "required": [ + "ConflictDetection" + ], + "type": "object" + }, + "UserPoolConfig": { + "additionalProperties": false, + "properties": { + "AppIdClientRegex": { + "$ref": "#/definitions/PassThroughProp" + }, + "AwsRegion": { + "$ref": "#/definitions/PassThroughProp" + }, + "DefaultAction": { + "$ref": "#/definitions/PassThroughProp" + }, + "UserPoolId": { + "$ref": "#/definitions/PassThroughProp" + } + }, + "required": [ + "UserPoolId" + ], + "type": "object" + } + }, + "primaryIdentifier": [ + "/properties/ApiId" + ], + "properties": { + "ApiId": { + "type": "string" + }, + "ApiKeys": { + "additionalProperties": { + "$ref": "#/definitions/ApiKey" + }, + "type": "object" + }, + "Arn": { + "pattern": "^arn:.*", + "type": "string" + }, + "Auth": { + "allOf": [ + { + "$ref": "#/definitions/Auth" + } + ] + }, + "Cache": { + "allOf": [ + { + "$ref": "#/definitions/Cache" + } + ] + }, + "DataSources": { + "allOf": [ + { + "$ref": "#/definitions/DataSources" + } + ] + }, + "DomainName": { + "allOf": [ + { + "$ref": "#/definitions/DomainName" + } + ] + }, + "Functions": { + "additionalProperties": { + "$ref": "#/definitions/Function" + }, + "type": "object" + }, + "GraphQLDns": { + "type": "string" + }, + "GraphQLEndpointArn": { + "type": "string" + }, + "GraphQLUrl": { + "type": "string" + }, + "IntrospectionConfig": { + "$ref": "#/definitions/PassThroughProp" + }, + "Logging": { + "anyOf": [ + { + "$ref": "#/definitions/Logging" + }, + { + "type": "boolean" + } + ] + }, + "Name": { + "type": "string" + }, + "OwnerContact": { + "$ref": "#/definitions/PassThroughProp" + }, + "QueryDepthLimit": { + "$ref": "#/definitions/PassThroughProp" + }, + "RealtimeDns": { + "type": "string" + }, + "RealtimeUrl": { + "type": "string" + }, + "ResolverCountLimit": { + "$ref": "#/definitions/PassThroughProp" + }, + "Resolvers": { + "additionalProperties": { + "additionalProperties": { + "$ref": "#/definitions/Resolver" + }, + "type": "object" + }, + "type": "object" + }, + "SchemaInline": { + "type": "string" + }, + "SchemaUri": { + "type": "string" + }, + "Tags": { + "type": "object" + }, + "Visibility": { + "$ref": "#/definitions/PassThroughProp" + }, + "XrayEnabled": { + "type": "boolean" + } + }, + "readOnlyProperties": [ + "/properties/ApiId", + "/properties/Arn", + "/properties/GraphQLEndpointArn", + "/properties/GraphQLDns", + "/properties/GraphQLUrl", + "/properties/RealtimeDns", + "/properties/RealtimeUrl" + ], + "required": [ + "Auth" + ], + "typeName": "AWS::Serverless::GraphQLApi" +} diff --git a/src/cfnlint/data/schemas/resources/318018ba3be5fbfc.json b/src/cfnlint/data/schemas/resources/318018ba3be5fbfc.json new file mode 100644 index 0000000000..04647e91be --- /dev/null +++ b/src/cfnlint/data/schemas/resources/318018ba3be5fbfc.json @@ -0,0 +1,105 @@ +{ + "additionalProperties": false, + "definitions": { + "AWS::DynamoDB::Table.PointInTimeRecoverySpecification": { + "additionalProperties": false, + "properties": { + "PointInTimeRecoveryEnabled": { + "type": "boolean" + }, + "RecoveryPeriodInDays": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::DynamoDB::Table.ProvisionedThroughput": { + "additionalProperties": false, + "properties": { + "ReadCapacityUnits": { + "type": "number" + }, + "WriteCapacityUnits": { + "type": "number" + } + }, + "required": [ + "ReadCapacityUnits", + "WriteCapacityUnits" + ], + "type": "object" + }, + "AWS::DynamoDB::Table.SSESpecification": { + "additionalProperties": false, + "properties": { + "KMSMasterKeyId": { + "type": "string" + }, + "SSEEnabled": { + "type": "boolean" + }, + "SSEType": { + "type": "string" + } + }, + "required": [ + "SSEEnabled" + ], + "type": "object" + }, + "PrimaryKey": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "Name", + "Type" + ], + "type": "object" + } + }, + "primaryIdentifier": [ + "/properties/TableName" + ], + "properties": { + "Arn": { + "type": "string" + }, + "PointInTimeRecoverySpecification": { + "$ref": "#/definitions/AWS::DynamoDB::Table.PointInTimeRecoverySpecification" + }, + "PrimaryKey": { + "allOf": [ + { + "$ref": "#/definitions/PrimaryKey" + } + ] + }, + "ProvisionedThroughput": { + "$ref": "#/definitions/AWS::DynamoDB::Table.ProvisionedThroughput" + }, + "SSESpecification": { + "$ref": "#/definitions/AWS::DynamoDB::Table.SSESpecification" + }, + "StreamArn": { + "type": "string" + }, + "TableName": { + "type": "string" + }, + "Tags": { + "type": "object" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/StreamArn" + ], + "typeName": "AWS::Serverless::SimpleTable" +} diff --git a/src/cfnlint/data/schemas/resources/4bdbe0eeeeb859e5.json b/src/cfnlint/data/schemas/resources/4bdbe0eeeeb859e5.json new file mode 100644 index 0000000000..ac1f77591c --- /dev/null +++ b/src/cfnlint/data/schemas/resources/4bdbe0eeeeb859e5.json @@ -0,0 +1,98 @@ +{ + "additionalProperties": false, + "definitions": { + "PassThroughProp": {}, + "ResourceReference": { + "additionalProperties": false, + "properties": { + "Arn": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Id": { + "type": "string" + }, + "Name": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Qualifier": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "QueueUrl": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "ResourceId": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RoleName": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Type": { + "type": "string" + } + }, + "type": "object" + } + }, + "properties": { + "Destination": { + "anyOf": [ + { + "$ref": "#/definitions/ResourceReference" + }, + { + "items": { + "$ref": "#/definitions/ResourceReference" + }, + "type": "array" + } + ] + }, + "Permissions": { + "items": { + "enum": [ + "Read", + "Write" + ], + "type": "string" + }, + "type": "array" + }, + "Source": { + "allOf": [ + { + "$ref": "#/definitions/ResourceReference" + } + ] + } + }, + "required": [ + "Source", + "Destination", + "Permissions" + ], + "typeName": "AWS::Serverless::Connector" +} diff --git a/src/cfnlint/data/schemas/resources/538eaeb7bcbd86eb.json b/src/cfnlint/data/schemas/resources/538eaeb7bcbd86eb.json deleted file mode 100644 index 46db804f17..0000000000 --- a/src/cfnlint/data/schemas/resources/538eaeb7bcbd86eb.json +++ /dev/null @@ -1,255 +0,0 @@ -{ - "additionalProperties": false, - "createOnlyProperties": [ - "/properties/CapacityProviderName", - "/properties/VpcConfig", - "/properties/InstanceRequirements", - "/properties/PermissionsConfig", - "/properties/KmsKeyArn" - ], - "definitions": { - "Architecture": { - "enum": [ - "x86_64", - "arm64" - ], - "type": "string" - }, - "CapacityProviderPermissionsConfig": { - "additionalProperties": false, - "properties": { - "CapacityProviderOperatorRoleArn": { - "format": "AWS::IAM::Role.Arn", - "maxLength": 10000, - "minLength": 0, - "pattern": "^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$", - "type": "string" - } - }, - "required": [ - "CapacityProviderOperatorRoleArn" - ], - "type": "object" - }, - "CapacityProviderPredefinedMetricType": { - "enum": [ - "LambdaCapacityProviderAverageCPUUtilization" - ], - "type": "string" - }, - "CapacityProviderScalingConfig": { - "additionalProperties": false, - "properties": { - "MaxVCpuCount": { - "maximum": 15000, - "minimum": 2, - "type": "integer" - }, - "ScalingMode": { - "$ref": "#/definitions/CapacityProviderScalingMode" - }, - "ScalingPolicies": { - "insertionOrder": false, - "items": { - "$ref": "#/definitions/TargetTrackingScalingPolicy" - }, - "maxItems": 10, - "minItems": 1, - "type": "array" - } - }, - "type": "object" - }, - "CapacityProviderScalingMode": { - "enum": [ - "Auto", - "Manual" - ], - "type": "string" - }, - "CapacityProviderState": { - "enum": [ - "Pending", - "Active", - "Failed", - "Deleting" - ], - "type": "string" - }, - "CapacityProviderVpcConfig": { - "additionalProperties": false, - "properties": { - "SecurityGroupIds": { - "format": "AWS::EC2::SecurityGroup.Ids", - "insertionOrder": false, - "items": { - "format": "AWS::EC2::SecurityGroup.Id", - "maxLength": 1024, - "minLength": 0, - "pattern": "^sg-[0-9a-zA-Z]*$", - "type": "string" - }, - "maxItems": 5, - "minItems": 0, - "type": "array" - }, - "SubnetIds": { - "insertionOrder": false, - "items": { - "maxLength": 1024, - "minLength": 0, - "pattern": "^subnet-[0-9a-z]*$", - "type": "string" - }, - "maxItems": 16, - "minItems": 1, - "type": "array" - } - }, - "required": [ - "SubnetIds", - "SecurityGroupIds" - ], - "type": "object" - }, - "InstanceRequirements": { - "additionalProperties": false, - "properties": { - "AllowedInstanceTypes": { - "insertionOrder": false, - "items": { - "maxLength": 30, - "minLength": 1, - "pattern": "^[a-zA-Z0-9\\.\\-]+$", - "type": "string" - }, - "maxItems": 400, - "minItems": 0, - "type": "array" - }, - "Architectures": { - "insertionOrder": false, - "items": { - "$ref": "#/definitions/Architecture" - }, - "maxItems": 1, - "minItems": 1, - "type": "array" - }, - "ExcludedInstanceTypes": { - "insertionOrder": false, - "items": { - "maxLength": 30, - "minLength": 1, - "pattern": "^[a-zA-Z0-9\\.\\-]+$", - "type": "string" - }, - "maxItems": 400, - "minItems": 0, - "type": "array" - } - }, - "type": "object" - }, - "Tag": { - "additionalProperties": false, - "properties": { - "Key": { - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "Value": { - "maxLength": 256, - "minLength": 0, - "type": "string" - } - }, - "required": [ - "Key" - ], - "type": "object" - }, - "TargetTrackingScalingPolicy": { - "additionalProperties": false, - "properties": { - "PredefinedMetricType": { - "$ref": "#/definitions/CapacityProviderPredefinedMetricType" - }, - "TargetValue": { - "maximum": 100.0, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "PredefinedMetricType", - "TargetValue" - ], - "type": "object" - } - }, - "primaryIdentifier": [ - "/properties/CapacityProviderName" - ], - "properties": { - "Arn": { - "maxLength": 140, - "minLength": 1, - "pattern": "^arn:aws[a-zA-Z-]*:lambda:(eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:capacity-provider:[a-zA-Z0-9-_]+$", - "type": "string" - }, - "CapacityProviderName": { - "maxLength": 140, - "minLength": 1, - "pattern": "^(arn:aws[a-zA-Z-]*:lambda:(eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:capacity-provider:[a-zA-Z0-9-_]+)|[a-zA-Z0-9-_]+$", - "type": "string" - }, - "CapacityProviderScalingConfig": { - "$ref": "#/definitions/CapacityProviderScalingConfig" - }, - "InstanceRequirements": { - "$ref": "#/definitions/InstanceRequirements" - }, - "KmsKeyArn": { - "format": "AWS::KMS::Key.Arn", - "maxLength": 10000, - "minLength": 0, - "pattern": "^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$", - "type": "string" - }, - "PermissionsConfig": { - "$ref": "#/definitions/CapacityProviderPermissionsConfig" - }, - "State": { - "$ref": "#/definitions/CapacityProviderState" - }, - "Tags": { - "insertionOrder": false, - "items": { - "$ref": "#/definitions/Tag" - }, - "type": "array", - "uniqueItems": true - }, - "VpcConfig": { - "$ref": "#/definitions/CapacityProviderVpcConfig" - } - }, - "readOnlyProperties": [ - "/properties/State", - "/properties/Arn" - ], - "required": [ - "PermissionsConfig", - "VpcConfig" - ], - "tagging": { - "cloudFormationSystemTags": true, - "tagOnCreate": true, - "tagProperty": "/properties/Tags", - "tagUpdatable": true, - "taggable": true - }, - "typeName": "AWS::Lambda::CapacityProvider" -} diff --git a/src/cfnlint/data/schemas/resources/554cec6192159770.json b/src/cfnlint/data/schemas/resources/554cec6192159770.json new file mode 100644 index 0000000000..4a7c509fbd --- /dev/null +++ b/src/cfnlint/data/schemas/resources/554cec6192159770.json @@ -0,0 +1,3401 @@ +{ + "additionalProperties": false, + "definitions": { + "AWS::CodeDeploy::DeploymentGroup.TriggerConfig": { + "additionalProperties": false, + "properties": { + "TriggerEvents": { + "items": { + "type": "string" + }, + "type": "array" + }, + "TriggerName": { + "type": "string" + }, + "TriggerTargetArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Lambda::Alias.ProvisionedConcurrencyConfiguration": { + "additionalProperties": false, + "properties": { + "ProvisionedConcurrentExecutions": { + "type": "number" + } + }, + "required": [ + "ProvisionedConcurrentExecutions" + ], + "type": "object" + }, + "AWS::Lambda::EventSourceMapping.DestinationConfig": { + "additionalProperties": false, + "properties": { + "OnFailure": { + "$ref": "#/definitions/AWS::Lambda::EventSourceMapping.OnFailure" + } + }, + "type": "object" + }, + "AWS::Lambda::EventSourceMapping.OnFailure": { + "additionalProperties": false, + "properties": { + "Destination": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Lambda::Function.DurableConfig": { + "additionalProperties": false, + "properties": { + "ExecutionTimeout": { + "type": "number" + }, + "RetentionPeriodInDays": { + "type": "number" + } + }, + "required": [ + "ExecutionTimeout" + ], + "type": "object" + }, + "AWS::Lambda::Function.Environment": { + "additionalProperties": false, + "properties": { + "Variables": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "AWS::Lambda::Function.EphemeralStorage": { + "additionalProperties": false, + "properties": { + "Size": { + "type": "number" + } + }, + "required": [ + "Size" + ], + "type": "object" + }, + "AWS::Lambda::Function.FileSystemConfig": { + "additionalProperties": false, + "properties": { + "Arn": { + "type": "string" + }, + "LocalMountPath": { + "type": "string" + } + }, + "required": [ + "Arn", + "LocalMountPath" + ], + "type": "object" + }, + "AWS::Lambda::Function.FunctionScalingConfig": { + "additionalProperties": false, + "properties": { + "MaxExecutionEnvironments": { + "type": "number" + }, + "MinExecutionEnvironments": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::Lambda::Function.ImageConfig": { + "additionalProperties": false, + "properties": { + "Command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EntryPoint": { + "items": { + "type": "string" + }, + "type": "array" + }, + "WorkingDirectory": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Lambda::Function.LoggingConfig": { + "additionalProperties": false, + "properties": { + "ApplicationLogLevel": { + "type": "string" + }, + "LogFormat": { + "type": "string" + }, + "LogGroup": { + "type": "string" + }, + "SystemLogLevel": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Lambda::Function.TenancyConfig": { + "additionalProperties": false, + "properties": { + "TenantIsolationMode": { + "type": "string" + } + }, + "required": [ + "TenantIsolationMode" + ], + "type": "object" + }, + "AlexaSkillEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/AlexaSkillEventProperties" + } + ] + }, + "Type": { + "enum": [ + "AlexaSkill" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AlexaSkillEventProperties": { + "additionalProperties": false, + "properties": { + "SkillId": { + "type": "string" + } + }, + "type": "object" + }, + "ApiAuth": { + "additionalProperties": false, + "properties": { + "ApiKeyRequired": { + "type": "boolean" + }, + "AuthorizationScopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Authorizer": { + "type": "string" + }, + "InvokeRole": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "OverrideApiAuth": { + "type": "boolean" + }, + "ResourcePolicy": { + "allOf": [ + { + "$ref": "#/definitions/ResourcePolicy" + } + ] + } + }, + "type": "object" + }, + "ApiEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/ApiEventProperties" + } + ] + }, + "Type": { + "enum": [ + "Api" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "ApiEventProperties": { + "additionalProperties": false, + "properties": { + "Auth": { + "allOf": [ + { + "$ref": "#/definitions/ApiAuth" + } + ] + }, + "Method": { + "type": "string" + }, + "Path": { + "type": "string" + }, + "RequestModel": { + "allOf": [ + { + "$ref": "#/definitions/RequestModel" + } + ] + }, + "RequestParameters": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "additionalProperties": { + "$ref": "#/definitions/RequestParameters" + }, + "type": "object" + } + ] + }, + "type": "array" + }, + "ResponseTransferMode": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RestApiId": { + "anyOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/Ref" + } + ] + }, + "TimeoutInMillis": { + "type": "number" + } + }, + "required": [ + "Method", + "Path" + ], + "type": "object" + }, + "CapacityProviderConfig": { + "additionalProperties": false, + "properties": { + "Arn": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ExecutionEnvironmentMemoryGiBPerVCpu": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "integer" + }, + { + "type": "number" + } + ] + }, + "PerExecutionEnvironmentMaxConcurrency": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "integer" + } + ] + } + }, + "required": [ + "Arn" + ], + "type": "object" + }, + "CloudWatchEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/CloudWatchEventProperties" + } + ] + }, + "Type": { + "enum": [ + "CloudWatchEvent" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "CloudWatchEventProperties": { + "additionalProperties": false, + "properties": { + "Enabled": { + "type": "boolean" + }, + "EventBusName": { + "maxLength": 1600, + "minLength": 1, + "pattern": "^(arn:aws[\\w-]*:events:[a-z]{2}-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[/\\.\\-_A-Za-z0-9]+$", + "type": "string" + }, + "Input": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "InputPath": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Pattern": { + "type": [ + "string", + "object" + ] + }, + "State": { + "enum": [ + "DISABLED", + "ENABLED", + "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" + ], + "type": "string" + } + }, + "type": "object" + }, + "CloudWatchLogsEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/CloudWatchLogsEventProperties" + } + ] + }, + "Type": { + "enum": [ + "CloudWatchLogs" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "CloudWatchLogsEventProperties": { + "additionalProperties": false, + "properties": { + "FilterPattern": { + "maxLength": 1024, + "minLength": 0, + "type": "string" + }, + "LogGroupName": { + "format": "AWS::Logs::LogGroup.Name", + "maxLength": 512, + "minLength": 1, + "pattern": "^[\\.\\-_/#A-Za-z0-9]+$", + "type": "string" + } + }, + "required": [ + "FilterPattern", + "LogGroupName" + ], + "type": "object" + }, + "CodeUri": { + "additionalProperties": false, + "properties": { + "Bucket": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Key": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Version": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "Bucket", + "Key" + ], + "type": "object" + }, + "CognitoEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/CognitoEventProperties" + } + ] + }, + "Type": { + "enum": [ + "Cognito" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "CognitoEventProperties": { + "additionalProperties": false, + "properties": { + "Trigger": { + "additionalProperties": false, + "properties": { + "CreateAuthChallenge": { + "type": "string" + }, + "CustomEmailSender": { + "additionalProperties": false, + "properties": { + "LambdaArn": { + "format": "AWS::Lambda::Function.Arn", + "type": "string" + }, + "LambdaVersion": { + "type": "string" + } + }, + "type": "object" + }, + "CustomMessage": { + "type": "string" + }, + "CustomSMSSender": { + "additionalProperties": false, + "properties": { + "LambdaArn": { + "format": "AWS::Lambda::Function.Arn", + "type": "string" + }, + "LambdaVersion": { + "type": "string" + } + }, + "type": "object" + }, + "DefineAuthChallenge": { + "type": "string" + }, + "InboundFederation": { + "additionalProperties": false, + "properties": { + "LambdaArn": { + "format": "AWS::Lambda::Function.Arn", + "type": "string" + }, + "LambdaVersion": { + "type": "string" + } + }, + "type": "object" + }, + "KMSKeyID": { + "type": "string" + }, + "PostAuthentication": { + "type": "string" + }, + "PostConfirmation": { + "type": "string" + }, + "PreAuthentication": { + "type": "string" + }, + "PreSignUp": { + "type": "string" + }, + "PreTokenGeneration": { + "type": "string" + }, + "PreTokenGenerationConfig": { + "additionalProperties": false, + "properties": { + "LambdaArn": { + "format": "AWS::Lambda::Function.Arn", + "type": "string" + }, + "LambdaVersion": { + "type": "string" + } + }, + "type": "object" + }, + "UserMigration": { + "type": "string" + }, + "VerifyAuthChallengeResponse": { + "type": "string" + } + }, + "type": "object" + }, + "UserPool": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "Trigger", + "UserPool" + ], + "type": "object" + }, + "DeadLetterConfig": { + "additionalProperties": false, + "properties": { + "Arn": { + "type": "string" + }, + "QueueLogicalId": { + "type": "string" + }, + "Type": { + "enum": [ + "SQS" + ], + "type": "string" + } + }, + "type": "object" + }, + "DeadLetterQueue": { + "additionalProperties": false, + "properties": { + "TargetArn": { + "type": "string" + }, + "Type": { + "enum": [ + "SNS", + "SQS" + ], + "type": "string" + } + }, + "required": [ + "TargetArn", + "Type" + ], + "type": "object" + }, + "DeploymentPreference": { + "additionalProperties": false, + "properties": { + "Alarms": { + "anyOf": [ + { + "type": "object" + }, + { + "items": { + "type": "object" + }, + "type": "array" + } + ] + }, + "Enabled": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "boolean" + } + ] + }, + "Hooks": { + "allOf": [ + { + "$ref": "#/definitions/Hooks" + } + ] + }, + "PassthroughCondition": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "boolean" + } + ] + }, + "Role": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "TriggerConfigurations": { + "items": { + "$ref": "#/definitions/AWS::CodeDeploy::DeploymentGroup.TriggerConfig" + }, + "type": "array" + }, + "Type": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "DocumentDBEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/DocumentDBEventProperties" + } + ] + }, + "Type": { + "enum": [ + "DocumentDB" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "DocumentDBEventProperties": { + "additionalProperties": false, + "properties": { + "BatchSize": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Cluster": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "CollectionName": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "DatabaseName": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Enabled": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "FilterCriteria": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "FullDocument": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "KmsKeyArn": { + "type": "string" + }, + "MaximumBatchingWindowInSeconds": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "SecretsManagerKmsKeyId": { + "type": "string" + }, + "SourceAccessConfigurations": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "StartingPosition": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "StartingPositionTimestamp": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "Cluster", + "DatabaseName", + "SourceAccessConfigurations" + ], + "type": "object" + }, + "DynamoDBEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/DynamoDBEventProperties" + } + ] + }, + "Type": { + "enum": [ + "DynamoDB" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "DynamoDBEventProperties": { + "additionalProperties": false, + "properties": { + "BatchSize": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + }, + "BisectBatchOnFunctionError": { + "type": "boolean" + }, + "DestinationConfig": { + "additionalProperties": false, + "properties": { + "OnFailure": { + "additionalProperties": false, + "properties": { + "Destination": { + "maxLength": 1024, + "minLength": 12, + "pattern": "^$|kafka://([^.]([a-zA-Z0-9\\-_.]{0,248}))|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "Enabled": { + "type": "boolean" + }, + "FilterCriteria": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "FunctionResponseTypes": { + "items": { + "enum": [ + "ReportBatchItemFailures" + ], + "type": "string" + }, + "maxItems": 1, + "maxLength": 1, + "minItems": 0, + "minLength": 0, + "type": "array", + "uniqueItems": true + }, + "KmsKeyArn": { + "type": "string" + }, + "MaximumBatchingWindowInSeconds": { + "maximum": 300, + "minimum": 0, + "type": "integer" + }, + "MaximumRecordAgeInSeconds": { + "maximum": 604800, + "minimum": -1, + "type": "integer" + }, + "MaximumRetryAttempts": { + "maximum": 10000, + "minimum": -1, + "type": "integer" + }, + "MetricsConfig": { + "$ref": "#/definitions/PassThroughProp" + }, + "ParallelizationFactor": { + "maximum": 10, + "minimum": 1, + "type": "integer" + }, + "StartingPosition": { + "maxLength": 12, + "minLength": 6, + "pattern": "(LATEST|TRIM_HORIZON|AT_TIMESTAMP)+", + "type": "string" + }, + "StartingPositionTimestamp": { + "type": "number" + }, + "Stream": { + "maxLength": 1024, + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + }, + "TumblingWindowInSeconds": { + "maximum": 900, + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "Stream" + ], + "type": "object" + }, + "EventBridgeRuleEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/EventBridgeRuleEventProperties" + } + ] + }, + "Type": { + "enum": [ + "EventBridgeRule" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "EventBridgeRuleEventProperties": { + "additionalProperties": false, + "properties": { + "DeadLetterConfig": { + "allOf": [ + { + "$ref": "#/definitions/DeadLetterConfig" + } + ] + }, + "EventBusName": { + "maxLength": 1600, + "minLength": 1, + "pattern": "^(arn:aws[\\w-]*:events:[a-z]{2}-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[/\\.\\-_A-Za-z0-9]+$", + "type": "string" + }, + "Input": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "InputPath": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "InputTransformer": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Pattern": { + "type": [ + "string", + "object" + ] + }, + "RetryPolicy": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RuleName": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[\\.\\-_A-Za-z0-9]+$", + "type": "string" + }, + "State": { + "enum": [ + "DISABLED", + "ENABLED", + "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" + ], + "type": "string" + }, + "Target": { + "allOf": [ + { + "$ref": "#/definitions/EventBridgeRuleTarget" + } + ] + } + }, + "required": [ + "Pattern" + ], + "type": "object" + }, + "EventBridgeRuleTarget": { + "additionalProperties": false, + "properties": { + "Id": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "Id" + ], + "type": "object" + }, + "EventInvokeConfig": { + "additionalProperties": false, + "properties": { + "DestinationConfig": { + "allOf": [ + { + "$ref": "#/definitions/EventInvokeDestinationConfig" + } + ] + }, + "MaximumEventAgeInSeconds": { + "type": "integer" + }, + "MaximumRetryAttempts": { + "type": "integer" + } + }, + "type": "object" + }, + "EventInvokeDestinationConfig": { + "additionalProperties": false, + "properties": { + "OnFailure": { + "allOf": [ + { + "$ref": "#/definitions/EventInvokeOnFailure" + } + ] + }, + "OnSuccess": { + "allOf": [ + { + "$ref": "#/definitions/EventInvokeOnSuccess" + } + ] + } + }, + "type": "object" + }, + "EventInvokeOnFailure": { + "additionalProperties": false, + "properties": { + "Destination": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Type": { + "enum": [ + "SQS", + "SNS", + "Lambda", + "EventBridge", + "S3Bucket" + ], + "type": "string" + } + }, + "type": "object" + }, + "EventInvokeOnSuccess": { + "additionalProperties": false, + "properties": { + "Destination": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Type": { + "enum": [ + "SQS", + "SNS", + "Lambda", + "EventBridge", + "S3Bucket" + ], + "type": "string" + } + }, + "type": "object" + }, + "EventsScheduleProperties": { + "additionalProperties": false, + "properties": { + "DeadLetterConfig": { + "allOf": [ + { + "$ref": "#/definitions/DeadLetterConfig" + } + ] + }, + "Description": { + "maxLength": 512, + "minLength": 0, + "type": "string" + }, + "Enabled": { + "type": "boolean" + }, + "Input": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Name": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[\\.\\-_A-Za-z0-9]+$", + "type": "string" + }, + "RetryPolicy": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Schedule": { + "maxLength": 256, + "minLength": 0, + "type": "string" + }, + "State": { + "enum": [ + "DISABLED", + "ENABLED", + "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" + ], + "type": "string" + } + }, + "type": "object" + }, + "FunctionUrlConfig": { + "additionalProperties": false, + "properties": { + "AuthType": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Cors": { + "additionalProperties": false, + "properties": { + "AllowCredentials": { + "type": "boolean" + }, + "AllowHeaders": { + "insertionOrder": true, + "items": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "AllowMethods": { + "insertionOrder": true, + "items": { + "enum": [ + "GET", + "PUT", + "HEAD", + "POST", + "PATCH", + "DELETE", + "*" + ], + "maxLength": 6, + "minLength": 0, + "type": "string" + }, + "maxItems": 6, + "minItems": 1, + "type": "array" + }, + "AllowOrigins": { + "insertionOrder": true, + "items": { + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "ExposeHeaders": { + "insertionOrder": true, + "items": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + }, + "maxItems": 100, + "minItems": 1, + "type": "array" + }, + "MaxAge": { + "maximum": 86400, + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "InvokeMode": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "AuthType" + ], + "type": "object" + }, + "Hooks": { + "additionalProperties": false, + "properties": { + "PostTraffic": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "PreTraffic": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "HttpApiAuth": { + "additionalProperties": false, + "properties": { + "AuthorizationScopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Authorizer": { + "type": "string" + } + }, + "type": "object" + }, + "HttpApiEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/HttpApiEventProperties" + } + ] + }, + "Type": { + "enum": [ + "HttpApi" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "HttpApiEventProperties": { + "additionalProperties": false, + "properties": { + "ApiId": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Auth": { + "allOf": [ + { + "$ref": "#/definitions/HttpApiAuth" + } + ] + }, + "Method": { + "type": "string" + }, + "Path": { + "type": "string" + }, + "PayloadFormatVersion": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "RouteSettings": { + "format": "json", + "type": [ + "object", + "string" + ] + }, + "TimeoutInMillis": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "integer" + } + ] + } + }, + "type": "object" + }, + "IoTRuleEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/IoTRuleEventProperties" + } + ] + }, + "Type": { + "enum": [ + "IoTRule" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "IoTRuleEventProperties": { + "additionalProperties": false, + "properties": { + "AwsIotSqlVersion": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Sql": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "Sql" + ], + "type": "object" + }, + "KinesisEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/KinesisEventProperties" + } + ] + }, + "Type": { + "enum": [ + "Kinesis" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "KinesisEventProperties": { + "additionalProperties": false, + "properties": { + "BatchSize": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + }, + "BisectBatchOnFunctionError": { + "type": "boolean" + }, + "DestinationConfig": { + "additionalProperties": false, + "properties": { + "OnFailure": { + "additionalProperties": false, + "properties": { + "Destination": { + "maxLength": 1024, + "minLength": 12, + "pattern": "^$|kafka://([^.]([a-zA-Z0-9\\-_.]{0,248}))|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "Enabled": { + "type": "boolean" + }, + "FilterCriteria": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "FunctionResponseTypes": { + "items": { + "enum": [ + "ReportBatchItemFailures" + ], + "type": "string" + }, + "maxItems": 1, + "maxLength": 1, + "minItems": 0, + "minLength": 0, + "type": "array", + "uniqueItems": true + }, + "KmsKeyArn": { + "type": "string" + }, + "MaximumBatchingWindowInSeconds": { + "maximum": 300, + "minimum": 0, + "type": "integer" + }, + "MaximumRecordAgeInSeconds": { + "maximum": 604800, + "minimum": -1, + "type": "integer" + }, + "MaximumRetryAttempts": { + "maximum": 10000, + "minimum": -1, + "type": "integer" + }, + "MetricsConfig": { + "$ref": "#/definitions/PassThroughProp" + }, + "ParallelizationFactor": { + "maximum": 10, + "minimum": 1, + "type": "integer" + }, + "StartingPosition": { + "maxLength": 12, + "minLength": 6, + "pattern": "(LATEST|TRIM_HORIZON|AT_TIMESTAMP)+", + "type": "string" + }, + "StartingPositionTimestamp": { + "type": "number" + }, + "Stream": { + "maxLength": 1024, + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + }, + "TumblingWindowInSeconds": { + "maximum": 900, + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "Stream" + ], + "type": "object" + }, + "MQEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/MQEventProperties" + } + ] + }, + "Type": { + "enum": [ + "MQ" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "MQEventProperties": { + "additionalProperties": false, + "properties": { + "BatchSize": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + }, + "Broker": { + "maxLength": 1024, + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + }, + "DynamicPolicyName": { + "type": "boolean" + }, + "Enabled": { + "type": "boolean" + }, + "FilterCriteria": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "KmsKeyArn": { + "type": "string" + }, + "MaximumBatchingWindowInSeconds": { + "maximum": 300, + "minimum": 0, + "type": "integer" + }, + "Queues": { + "items": { + "maxLength": 1000, + "minLength": 1, + "pattern": "[\\s\\S]*", + "type": "string" + }, + "maxItems": 1, + "minItems": 1, + "type": "array", + "uniqueItems": true + }, + "SecretsManagerKmsKeyId": { + "type": "string" + }, + "SourceAccessConfigurations": { + "items": { + "additionalProperties": false, + "properties": { + "Type": { + "enum": [ + "BASIC_AUTH", + "VPC_SUBNET", + "VPC_SECURITY_GROUP", + "SASL_SCRAM_512_AUTH", + "SASL_SCRAM_256_AUTH", + "VIRTUAL_HOST", + "CLIENT_CERTIFICATE_TLS_AUTH", + "SERVER_ROOT_CA_CERTIFICATE" + ], + "type": "string" + }, + "URI": { + "maxLength": 200, + "minLength": 1, + "pattern": "[a-zA-Z0-9-\\/*:_+=.@-]*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 22, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "Broker", + "Queues", + "SourceAccessConfigurations" + ], + "type": "object" + }, + "MSKEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/MSKEventProperties" + } + ] + }, + "Type": { + "enum": [ + "MSK" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "MSKEventProperties": { + "additionalProperties": false, + "properties": { + "BatchSize": { + "type": "number" + }, + "BisectBatchOnFunctionError": { + "type": "boolean" + }, + "ConsumerGroupId": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "DestinationConfig": { + "$ref": "#/definitions/AWS::Lambda::EventSourceMapping.DestinationConfig" + }, + "Enabled": { + "type": "boolean" + }, + "FilterCriteria": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "FunctionResponseTypes": { + "items": { + "enum": [ + "ReportBatchItemFailures" + ], + "type": "string" + }, + "maxItems": 1, + "maxLength": 1, + "minItems": 0, + "minLength": 0, + "type": "array", + "uniqueItems": true + }, + "KmsKeyArn": { + "format": "AWS::KMS::Key.Arn", + "maxLength": 2048, + "minLength": 12, + "pattern": "(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()", + "type": "string" + }, + "LoggingConfig": { + "additionalProperties": false, + "properties": { + "SystemLogLevel": { + "enum": [ + "DEBUG", + "INFO", + "WARN" + ], + "type": "string" + } + }, + "type": "object" + }, + "MaximumBatchingWindowInSeconds": { + "maximum": 300, + "minimum": 0, + "type": "integer" + }, + "MaximumRecordAgeInSeconds": { + "maximum": 604800, + "minimum": -1, + "type": "integer" + }, + "MaximumRetryAttempts": { + "maximum": 10000, + "minimum": -1, + "type": "integer" + }, + "MetricsConfig": { + "additionalProperties": false, + "properties": { + "Metrics": { + "items": { + "enum": [ + "EventCount", + "ErrorCount", + "KafkaMetrics" + ], + "type": "string" + }, + "maxItems": 3, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "ProvisionedPollerConfig": { + "additionalProperties": false, + "properties": { + "MaximumPollers": { + "maximum": 2000, + "minimum": 1, + "type": "integer" + }, + "MinimumPollers": { + "maximum": 200, + "minimum": 1, + "type": "integer" + }, + "PollerGroupName": { + "maxLength": 128, + "minLength": 0, + "pattern": "^[a-zA-Z0-9-_]*$", + "type": "string" + } + }, + "type": "object" + }, + "SchemaRegistryConfig": { + "additionalProperties": false, + "properties": { + "ConsumerGroupId": { + "maxLength": 200, + "minLength": 1, + "pattern": "[a-zA-Z0-9-\\/*:_+=.@-]*", + "type": "string" + }, + "SchemaRegistryConfig": { + "additionalProperties": false, + "properties": { + "AccessConfigs": { + "items": { + "additionalProperties": false, + "properties": { + "Type": { + "enum": [ + "BASIC_AUTH", + "CLIENT_CERTIFICATE_TLS_AUTH", + "SERVER_ROOT_CA_CERTIFICATE" + ], + "type": "string" + }, + "URI": { + "maxLength": 10000, + "minLength": 1, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "type": "array", + "uniqueItems": true + }, + "EventRecordFormat": { + "enum": [ + "JSON", + "SOURCE" + ], + "type": "string" + }, + "SchemaRegistryURI": { + "maxLength": 10000, + "minLength": 1, + "pattern": "[a-zA-Z0-9-/*:_+=.@-]*", + "type": "string" + }, + "SchemaValidationConfigs": { + "items": { + "additionalProperties": false, + "properties": { + "Attribute": { + "enum": [ + "KEY", + "VALUE" + ], + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + "type": "object" + }, + "SourceAccessConfigurations": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "StartingPosition": { + "maxLength": 12, + "minLength": 6, + "pattern": "(LATEST|TRIM_HORIZON|AT_TIMESTAMP)+", + "type": "string" + }, + "StartingPositionTimestamp": { + "type": "number" + }, + "Stream": { + "maxLength": 1024, + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + }, + "Topics": { + "items": { + "maxLength": 249, + "minLength": 1, + "pattern": "^[^.]([a-zA-Z0-9\\-_.]+)", + "type": "string" + }, + "maxItems": 1, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "Stream", + "Topics" + ], + "type": "object" + }, + "PassThroughProp": {}, + "Ref": { + "additionalProperties": false, + "properties": { + "Ref": { + "type": "string" + } + }, + "required": [ + "Ref" + ], + "type": "object" + }, + "RequestModel": { + "additionalProperties": false, + "properties": { + "Model": { + "type": "string" + }, + "Required": { + "type": "boolean" + }, + "ValidateBody": { + "type": "boolean" + }, + "ValidateParameters": { + "type": "boolean" + } + }, + "required": [ + "Model" + ], + "type": "object" + }, + "RequestParameters": { + "additionalProperties": false, + "properties": { + "Caching": { + "type": "boolean" + }, + "Required": { + "type": "boolean" + } + }, + "type": "object" + }, + "ResourcePolicy": { + "additionalProperties": false, + "properties": { + "AwsAccountBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "AwsAccountWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "CustomStatements": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpcBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpcWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpceBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpceWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IpRangeBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IpRangeWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "SourceVpcBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "SourceVpcWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + } + }, + "type": "object" + }, + "S3Event": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/S3EventProperties" + } + ] + }, + "Type": { + "enum": [ + "S3" + ], + "type": "string" + } + }, + "required": [ + "Properties", + "Type" + ], + "type": "object" + }, + "S3EventProperties": { + "additionalProperties": false, + "properties": { + "Bucket": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Events": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Filter": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "Bucket", + "Events" + ], + "type": "object" + }, + "SNSEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/SNSEventProperties" + } + ] + }, + "Type": { + "enum": [ + "SNS" + ], + "type": "string" + } + }, + "required": [ + "Properties", + "Type" + ], + "type": "object" + }, + "SNSEventProperties": { + "additionalProperties": false, + "properties": { + "FilterPolicy": { + "type": [ + "object", + "string" + ] + }, + "FilterPolicyScope": { + "type": "string" + }, + "Region": { + "type": "string" + }, + "SqsSubscription": { + "anyOf": [ + { + "type": "boolean" + }, + { + "$ref": "#/definitions/SqsSubscription" + } + ] + }, + "Topic": { + "format": "AWS::SNS::Topic.Arn", + "type": "string" + } + }, + "required": [ + "Topic" + ], + "type": "object" + }, + "SQSEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/SQSEventProperties" + } + ] + }, + "Type": { + "enum": [ + "SQS" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "SQSEventProperties": { + "additionalProperties": false, + "properties": { + "BatchSize": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + }, + "Enabled": { + "type": "boolean" + }, + "FilterCriteria": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "FunctionResponseTypes": { + "items": { + "enum": [ + "ReportBatchItemFailures" + ], + "type": "string" + }, + "maxItems": 1, + "maxLength": 1, + "minItems": 0, + "minLength": 0, + "type": "array", + "uniqueItems": true + }, + "KmsKeyArn": { + "format": "AWS::KMS::Key.Arn", + "maxLength": 2048, + "minLength": 12, + "pattern": "(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()", + "type": "string" + }, + "MaximumBatchingWindowInSeconds": { + "maximum": 300, + "minimum": 0, + "type": "integer" + }, + "MetricsConfig": { + "$ref": "#/definitions/PassThroughProp" + }, + "Queue": { + "maxLength": 1024, + "minLength": 12, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + }, + "ScalingConfig": { + "$ref": "#/definitions/PassThroughProp" + } + }, + "required": [ + "Queue" + ], + "type": "object" + }, + "ScheduleEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/EventsScheduleProperties" + } + ] + }, + "Type": { + "enum": [ + "Schedule" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "ScheduleV2Event": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/ScheduleV2EventProperties" + } + ] + }, + "Type": { + "enum": [ + "ScheduleV2" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "ScheduleV2EventProperties": { + "additionalProperties": false, + "properties": { + "DeadLetterConfig": { + "allOf": [ + { + "$ref": "#/definitions/DeadLetterConfig" + } + ] + }, + "Description": { + "maxLength": 512, + "minLength": 0, + "type": "string" + }, + "EndDate": { + "format": "date-time", + "type": "string" + }, + "FlexibleTimeWindow": { + "additionalProperties": false, + "properties": { + "MaximumWindowInMinutes": { + "maximum": 1440, + "minimum": 1, + "type": "number" + }, + "Mode": { + "enum": [ + "OFF", + "FLEXIBLE" + ], + "type": "string" + } + }, + "required": [ + "Mode" + ], + "type": "object" + }, + "GroupName": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[0-9a-zA-Z-_.]+$", + "type": "string" + }, + "Input": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "KmsKeyArn": { + "format": "AWS::KMS::Key.Arn", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws[a-z-]*:kms:[a-z0-9\\-]+:\\d{12}:(key|alias)\\/[0-9a-zA-Z-_]*$", + "type": "string" + }, + "Name": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[0-9a-zA-Z-_.]+$", + "type": "string" + }, + "OmitName": { + "type": "boolean" + }, + "PermissionsBoundary": { + "maxLength": 2048, + "minLength": 20, + "type": "string" + }, + "RetryPolicy": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RoleArn": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "ScheduleExpression": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "ScheduleExpressionTimezone": { + "maxLength": 50, + "minLength": 1, + "type": "string" + }, + "StartDate": { + "format": "date-time", + "type": "string" + }, + "State": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + } + }, + "type": "object" + }, + "SelfManagedKafkaEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/SelfManagedKafkaEventProperties" + } + ] + }, + "Type": { + "enum": [ + "SelfManagedKafka" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "SelfManagedKafkaEventProperties": { + "additionalProperties": false, + "properties": { + "BatchSize": { + "maximum": 10000, + "minimum": 1, + "type": "integer" + }, + "BisectBatchOnFunctionError": { + "type": "boolean" + }, + "ConsumerGroupId": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Enabled": { + "type": "boolean" + }, + "FilterCriteria": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "additionalProperties": false, + "properties": { + "Pattern": { + "maxLength": 4096, + "minLength": 0, + "pattern": ".*", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 20, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "FunctionResponseTypes": { + "items": { + "enum": [ + "ReportBatchItemFailures" + ], + "type": "string" + }, + "maxItems": 1, + "maxLength": 1, + "minItems": 0, + "minLength": 0, + "type": "array", + "uniqueItems": true + }, + "KafkaBootstrapServers": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "KmsKeyArn": { + "type": "string" + }, + "LoggingConfig": { + "additionalProperties": false, + "properties": { + "SystemLogLevel": { + "enum": [ + "DEBUG", + "INFO", + "WARN" + ], + "type": "string" + } + }, + "type": "object" + }, + "MaximumRecordAgeInSeconds": { + "maximum": 604800, + "minimum": -1, + "type": "integer" + }, + "MaximumRetryAttempts": { + "maximum": 10000, + "minimum": -1, + "type": "integer" + }, + "MetricsConfig": { + "additionalProperties": false, + "properties": { + "Metrics": { + "items": { + "enum": [ + "EventCount", + "ErrorCount", + "KafkaMetrics" + ], + "type": "string" + }, + "maxItems": 3, + "minItems": 0, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + }, + "ProvisionedPollerConfig": { + "additionalProperties": false, + "properties": { + "MaximumPollers": { + "maximum": 2000, + "minimum": 1, + "type": "integer" + }, + "MinimumPollers": { + "maximum": 200, + "minimum": 1, + "type": "integer" + }, + "PollerGroupName": { + "maxLength": 128, + "minLength": 0, + "pattern": "^[a-zA-Z0-9-_]*$", + "type": "string" + } + }, + "type": "object" + }, + "SchemaRegistryConfig": { + "additionalProperties": false, + "properties": { + "ConsumerGroupId": { + "maxLength": 200, + "minLength": 1, + "pattern": "[a-zA-Z0-9-\\/*:_+=.@-]*", + "type": "string" + }, + "SchemaRegistryConfig": { + "additionalProperties": false, + "properties": { + "AccessConfigs": { + "items": { + "additionalProperties": false, + "properties": { + "Type": { + "enum": [ + "BASIC_AUTH", + "CLIENT_CERTIFICATE_TLS_AUTH", + "SERVER_ROOT_CA_CERTIFICATE" + ], + "type": "string" + }, + "URI": { + "maxLength": 10000, + "minLength": 1, + "pattern": "arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "type": "array", + "uniqueItems": true + }, + "EventRecordFormat": { + "enum": [ + "JSON", + "SOURCE" + ], + "type": "string" + }, + "SchemaRegistryURI": { + "maxLength": 10000, + "minLength": 1, + "pattern": "[a-zA-Z0-9-/*:_+=.@-]*", + "type": "string" + }, + "SchemaValidationConfigs": { + "items": { + "additionalProperties": false, + "properties": { + "Attribute": { + "enum": [ + "KEY", + "VALUE" + ], + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "type": "object" + } + }, + "type": "object" + }, + "SourceAccessConfigurations": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "StartingPosition": { + "maxLength": 12, + "minLength": 6, + "pattern": "(LATEST|TRIM_HORIZON|AT_TIMESTAMP)+", + "type": "string" + }, + "StartingPositionTimestamp": { + "type": "number" + }, + "Topics": { + "items": { + "maxLength": 249, + "minLength": 1, + "pattern": "^[^.]([a-zA-Z0-9\\-_.]+)", + "type": "string" + }, + "maxItems": 1, + "minItems": 1, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "SourceAccessConfigurations", + "Topics" + ], + "type": "object" + }, + "SqsSubscription": { + "additionalProperties": false, + "properties": { + "BatchSize": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Enabled": { + "type": "boolean" + }, + "QueueArn": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "QueuePolicyLogicalId": { + "type": "string" + }, + "QueueUrl": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "QueueArn", + "QueueUrl" + ], + "type": "object" + } + }, + "primaryIdentifier": [ + "/properties/FunctionName" + ], + "properties": { + "Architectures": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Arn": { + "format": "AWS::Lambda::Function.Arn", + "type": "string" + }, + "AssumeRolePolicyDocument": { + "type": "object" + }, + "AutoPublishAlias": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "AutoPublishAliasAllProperties": { + "type": "boolean" + }, + "AutoPublishCodeSha256": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "CapacityProviderConfig": { + "allOf": [ + { + "$ref": "#/definitions/CapacityProviderConfig" + } + ] + }, + "CodeSigningConfigArn": { + "type": "string" + }, + "CodeUri": { + "anyOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/CodeUri" + } + ] + }, + "DeadLetterQueue": { + "anyOf": [ + { + "type": "object" + }, + { + "$ref": "#/definitions/DeadLetterQueue" + } + ] + }, + "DeploymentPreference": { + "allOf": [ + { + "$ref": "#/definitions/DeploymentPreference" + } + ] + }, + "Description": { + "type": "string" + }, + "DurableConfig": { + "$ref": "#/definitions/AWS::Lambda::Function.DurableConfig" + }, + "Environment": { + "$ref": "#/definitions/AWS::Lambda::Function.Environment" + }, + "EphemeralStorage": { + "$ref": "#/definitions/AWS::Lambda::Function.EphemeralStorage" + }, + "EventInvokeConfig": { + "allOf": [ + { + "$ref": "#/definitions/EventInvokeConfig" + } + ] + }, + "Events": { + "additionalProperties": { + "anyOf": [ + { + "$ref": "#/definitions/S3Event" + }, + { + "$ref": "#/definitions/SNSEvent" + }, + { + "$ref": "#/definitions/KinesisEvent" + }, + { + "$ref": "#/definitions/DynamoDBEvent" + }, + { + "$ref": "#/definitions/DocumentDBEvent" + }, + { + "$ref": "#/definitions/SQSEvent" + }, + { + "$ref": "#/definitions/ApiEvent" + }, + { + "$ref": "#/definitions/ScheduleEvent" + }, + { + "$ref": "#/definitions/ScheduleV2Event" + }, + { + "$ref": "#/definitions/CloudWatchEvent" + }, + { + "$ref": "#/definitions/EventBridgeRuleEvent" + }, + { + "$ref": "#/definitions/CloudWatchLogsEvent" + }, + { + "$ref": "#/definitions/IoTRuleEvent" + }, + { + "$ref": "#/definitions/AlexaSkillEvent" + }, + { + "$ref": "#/definitions/CognitoEvent" + }, + { + "$ref": "#/definitions/HttpApiEvent" + }, + { + "$ref": "#/definitions/MSKEvent" + }, + { + "$ref": "#/definitions/MQEvent" + }, + { + "$ref": "#/definitions/SelfManagedKafkaEvent" + } + ] + }, + "type": "object" + }, + "FileSystemConfigs": { + "items": { + "$ref": "#/definitions/AWS::Lambda::Function.FileSystemConfig" + }, + "type": "array" + }, + "FunctionName": { + "type": "string" + }, + "FunctionScalingConfig": { + "$ref": "#/definitions/AWS::Lambda::Function.FunctionScalingConfig" + }, + "FunctionUrlConfig": { + "allOf": [ + { + "$ref": "#/definitions/FunctionUrlConfig" + } + ] + }, + "Handler": { + "type": "string" + }, + "ImageConfig": { + "$ref": "#/definitions/AWS::Lambda::Function.ImageConfig" + }, + "ImageUri": { + "type": "string" + }, + "InlineCode": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "KmsKeyArn": { + "format": "AWS::KMS::Key.Arn", + "pattern": "^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$", + "type": "string" + }, + "Layers": { + "items": { + "minLength": 1, + "pattern": "^arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\\d{12}:layer:[a-zA-Z0-9-_]+:[0-9]+$", + "type": "string" + }, + "maxItems": 5, + "type": "array", + "uniqueItems": false + }, + "LoggingConfig": { + "$ref": "#/definitions/AWS::Lambda::Function.LoggingConfig" + }, + "MemorySize": { + "maximum": 32768, + "minimum": 128, + "type": "integer" + }, + "PackageType": { + "enum": [ + "Image", + "Zip" + ], + "type": "string" + }, + "PermissionsBoundary": { + "type": "string" + }, + "Policies": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + }, + { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + } + ] + }, + "PropagateTags": { + "type": "boolean" + }, + "ProvisionedConcurrencyConfig": { + "$ref": "#/definitions/AWS::Lambda::Alias.ProvisionedConcurrencyConfiguration" + }, + "PublishToLatestPublished": { + "type": "boolean" + }, + "RecursiveLoop": { + "type": "string" + }, + "ReservedConcurrentExecutions": { + "minimum": 0, + "type": "integer" + }, + "Role": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "RolePath": { + "type": "string" + }, + "Runtime": { + "type": "string" + }, + "RuntimeManagementConfig": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "SnapStart": { + "additionalProperties": false, + "properties": { + "ApplyOn": { + "enum": [ + "PublishedVersions", + "None" + ], + "type": "string" + } + }, + "required": [ + "ApplyOn" + ], + "type": "object" + }, + "SnapStartResponse": { + "additionalProperties": false, + "properties": { + "ApplyOn": { + "enum": [ + "PublishedVersions", + "None" + ], + "type": "string" + }, + "OptimizationStatus": { + "enum": [ + "On", + "Off" + ], + "type": "string" + } + }, + "type": "object" + }, + "SourceKMSKeyArn": { + "type": "string" + }, + "Tags": { + "type": "object" + }, + "TenancyConfig": { + "$ref": "#/definitions/AWS::Lambda::Function.TenancyConfig" + }, + "Timeout": { + "maximum": 900, + "minimum": 1, + "type": "integer" + }, + "Tracing": { + "anyOf": [ + { + "type": "object" + }, + { + "enum": [ + "Active", + "PassThrough", + "Disabled" + ], + "type": "string" + } + ] + }, + "VersionDeletionPolicy": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + }, + { + "type": "boolean" + } + ] + }, + "VersionDescription": { + "maxLength": 256, + "minLength": 0, + "type": "string" + }, + "VpcConfig": { + "additionalProperties": false, + "properties": { + "Ipv6AllowedForDualStack": { + "type": "boolean" + }, + "SecurityGroupIds": { + "format": "AWS::EC2::SecurityGroup.Ids", + "items": { + "format": "AWS::EC2::SecurityGroup.Id", + "type": "string" + }, + "maxItems": 5, + "minItems": 0, + "type": "array", + "uniqueItems": false + }, + "SubnetIds": { + "items": { + "type": "string" + }, + "maxItems": 16, + "minItems": 0, + "type": "array", + "uniqueItems": false + } + }, + "type": "object" + } + }, + "readOnlyProperties": [ + "/properties/SnapStartResponse", + "/properties/SnapStartResponse/ApplyOn", + "/properties/SnapStartResponse/OptimizationStatus", + "/properties/Arn" + ], + "typeName": "AWS::Serverless::Function" +} diff --git a/src/cfnlint/data/schemas/resources/81e13008dbf1beb7.json b/src/cfnlint/data/schemas/resources/81e13008dbf1beb7.json new file mode 100644 index 0000000000..3d97e7147a --- /dev/null +++ b/src/cfnlint/data/schemas/resources/81e13008dbf1beb7.json @@ -0,0 +1,354 @@ +{ + "additionalProperties": false, + "definitions": { + "AuthConfig": { + "additionalProperties": false, + "properties": { + "AuthArn": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "AuthType": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "IdentitySource": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "InvokeRole": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Name": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "AuthType" + ], + "type": "object" + }, + "Domain": { + "additionalProperties": false, + "properties": { + "BasePath": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CertificateArn": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "DomainName": { + "type": "string" + }, + "EndpointConfiguration": { + "anyOf": [ + { + "type": "object" + }, + { + "enum": [ + "REGIONAL" + ], + "type": "string" + } + ] + }, + "MutualTlsAuthentication": { + "additionalProperties": false, + "properties": { + "TruststoreUri": { + "type": "string" + }, + "TruststoreVersion": { + "type": "string" + } + }, + "type": "object" + }, + "OwnershipVerificationCertificateArn": { + "type": "string" + }, + "Route53": { + "allOf": [ + { + "$ref": "#/definitions/Route53" + } + ] + }, + "SecurityPolicy": { + "type": "string" + } + }, + "required": [ + "CertificateArn", + "DomainName" + ], + "type": "object" + }, + "PassThroughProp": {}, + "Route53": { + "additionalProperties": false, + "properties": { + "EvaluateTargetHealth": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "HostedZoneId": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "HostedZoneName": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "IpV6": { + "type": "boolean" + }, + "Region": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "SetIdentifier": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "type": "object" + }, + "WebSocketApiRoute": { + "additionalProperties": false, + "properties": { + "ApiKeyRequired": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "FunctionArn": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "IntegrationTimeout": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "ModelSelectionExpression": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "OperationName": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RequestModels": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RequestParameters": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RouteResponseSelectionExpression": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "FunctionArn" + ], + "type": "object" + } + }, + "primaryIdentifier": [ + "/properties/ApiId" + ], + "properties": { + "AccessLogSettings": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "ApiEndpoint": { + "type": "string" + }, + "ApiId": { + "type": "string" + }, + "ApiKeySelectionExpression": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Auth": { + "allOf": [ + { + "$ref": "#/definitions/AuthConfig" + } + ] + }, + "DefaultRouteSettings": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Description": { + "type": "string" + }, + "DisableExecuteApiEndpoint": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "DisableSchemaValidation": { + "type": "boolean" + }, + "Domain": { + "allOf": [ + { + "$ref": "#/definitions/Domain" + } + ] + }, + "IpAddressType": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Name": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "PropagateTags": { + "type": "boolean" + }, + "RouteSelectionExpression": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RouteSettings": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Routes": { + "additionalProperties": { + "$ref": "#/definitions/WebSocketApiRoute" + }, + "type": "object" + }, + "StageName": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "StageVariables": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Tags": { + "type": "object" + } + }, + "readOnlyProperties": [ + "/properties/ApiId", + "/properties/ApiEndpoint" + ], + "required": [ + "Routes", + "RouteSelectionExpression" + ], + "typeName": "AWS::Serverless::WebSocketApi" +} diff --git a/src/cfnlint/data/schemas/resources/9642a84515d09fb5.json b/src/cfnlint/data/schemas/resources/9642a84515d09fb5.json new file mode 100644 index 0000000000..1c278302bc --- /dev/null +++ b/src/cfnlint/data/schemas/resources/9642a84515d09fb5.json @@ -0,0 +1,215 @@ +{ + "additionalProperties": false, + "definitions": { + "InstanceRequirements": { + "additionalProperties": false, + "properties": { + "AllowedTypes": { + "anyOf": [ + { + "type": "object" + }, + { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + } + ] + }, + "Architectures": { + "anyOf": [ + { + "type": "object" + }, + { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + } + ] + }, + "ExcludedTypes": { + "anyOf": [ + { + "type": "object" + }, + { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + } + ] + } + }, + "type": "object" + }, + "PassThroughProp": {}, + "ScalingConfig": { + "additionalProperties": false, + "properties": { + "AverageCPUUtilization": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "number" + } + ] + }, + "MaxVCpuCount": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "integer" + } + ] + } + }, + "type": "object" + }, + "VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroupIds": { + "anyOf": [ + { + "type": "object" + }, + { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + } + ] + }, + "SubnetIds": { + "anyOf": [ + { + "type": "object" + }, + { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + } + ] + } + }, + "required": [ + "SubnetIds" + ], + "type": "object" + } + }, + "primaryIdentifier": [ + "/properties/CapacityProviderName" + ], + "properties": { + "Arn": { + "maxLength": 140, + "minLength": 1, + "pattern": "^arn:aws[a-zA-Z-]*:lambda:(eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:capacity-provider:[a-zA-Z0-9-_]+$", + "type": "string" + }, + "CapacityProviderName": { + "type": "string" + }, + "InstanceRequirements": { + "allOf": [ + { + "$ref": "#/definitions/InstanceRequirements" + } + ] + }, + "KmsKeyArn": { + "type": "string" + }, + "OperatorRole": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "PropagateTags": { + "type": "boolean" + }, + "ScalingConfig": { + "allOf": [ + { + "$ref": "#/definitions/ScalingConfig" + } + ] + }, + "State": { + "enum": [ + "Pending", + "Active", + "Failed", + "Deleting" + ], + "type": "string" + }, + "Tags": { + "type": "object" + }, + "VpcConfig": { + "allOf": [ + { + "$ref": "#/definitions/VpcConfig" + } + ] + } + }, + "readOnlyProperties": [ + "/properties/State", + "/properties/Arn" + ], + "required": [ + "VpcConfig" + ], + "typeName": "AWS::Serverless::CapacityProvider" +} diff --git a/src/cfnlint/data/schemas/resources/9aebe136ff9b8f6d.json b/src/cfnlint/data/schemas/resources/9aebe136ff9b8f6d.json new file mode 100644 index 0000000000..70e3bb4ef6 --- /dev/null +++ b/src/cfnlint/data/schemas/resources/9aebe136ff9b8f6d.json @@ -0,0 +1,389 @@ +{ + "additionalProperties": false, + "definitions": { + "Auth": { + "additionalProperties": false, + "properties": { + "Authorizers": { + "additionalProperties": { + "anyOf": [ + { + "$ref": "#/definitions/OAuth2Authorizer" + }, + { + "$ref": "#/definitions/LambdaAuthorizer" + } + ] + }, + "type": "object" + }, + "DefaultAuthorizer": { + "type": "string" + }, + "EnableIamAuthorizer": { + "type": "boolean" + } + }, + "type": "object" + }, + "DefinitionUri": { + "additionalProperties": false, + "properties": { + "Bucket": { + "type": "string" + }, + "Key": { + "type": "string" + }, + "Version": { + "type": "string" + } + }, + "required": [ + "Bucket", + "Key" + ], + "type": "object" + }, + "Domain": { + "additionalProperties": false, + "properties": { + "BasePath": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CertificateArn": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "DomainName": { + "type": "string" + }, + "EndpointConfiguration": { + "anyOf": [ + { + "type": "object" + }, + { + "enum": [ + "REGIONAL" + ], + "type": "string" + } + ] + }, + "MutualTlsAuthentication": { + "additionalProperties": false, + "properties": { + "TruststoreUri": { + "type": "string" + }, + "TruststoreVersion": { + "type": "string" + } + }, + "type": "object" + }, + "OwnershipVerificationCertificateArn": { + "type": "string" + }, + "Route53": { + "allOf": [ + { + "$ref": "#/definitions/Route53" + } + ] + }, + "SecurityPolicy": { + "type": "string" + } + }, + "required": [ + "CertificateArn", + "DomainName" + ], + "type": "object" + }, + "LambdaAuthorizer": { + "additionalProperties": false, + "properties": { + "AuthorizerPayloadFormatVersion": { + "anyOf": [ + { + "enum": [ + "1.0", + "2.0" + ], + "type": "string" + }, + { + "type": "number" + } + ] + }, + "EnableFunctionDefaultPermissions": { + "type": "boolean" + }, + "EnableSimpleResponses": { + "type": "boolean" + }, + "FunctionArn": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "FunctionInvokeRole": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Identity": { + "allOf": [ + { + "$ref": "#/definitions/LambdaAuthorizerIdentity" + } + ] + } + }, + "required": [ + "AuthorizerPayloadFormatVersion", + "FunctionArn" + ], + "type": "object" + }, + "LambdaAuthorizerIdentity": { + "additionalProperties": false, + "properties": { + "Context": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Headers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "QueryStrings": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ReauthorizeEvery": { + "type": "integer" + }, + "StageVariables": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "OAuth2Authorizer": { + "additionalProperties": false, + "properties": { + "AuthorizationScopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IdentitySource": { + "type": "string" + }, + "JwtConfiguration": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "type": "object" + }, + "PassThroughProp": {}, + "Route53": { + "additionalProperties": false, + "properties": { + "DistributionDomainName": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "EvaluateTargetHealth": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "HostedZoneId": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "HostedZoneName": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "IpV6": { + "type": "boolean" + }, + "Region": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "SetIdentifier": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "type": "object" + } + }, + "primaryIdentifier": [ + "/properties/ApiId" + ], + "properties": { + "AccessLogSettings": { + "additionalProperties": false, + "properties": { + "DestinationArn": { + "type": "string" + }, + "Format": { + "type": "string" + } + }, + "type": "object" + }, + "ApiEndpoint": { + "type": "string" + }, + "ApiId": { + "type": "string" + }, + "Auth": { + "allOf": [ + { + "$ref": "#/definitions/Auth" + } + ] + }, + "CorsConfiguration": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "DefaultRouteSettings": { + "format": "json", + "type": [ + "object", + "string" + ] + }, + "DefinitionBody": { + "type": "object" + }, + "DefinitionUri": { + "anyOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/DefinitionUri" + } + ] + }, + "Description": { + "type": "string" + }, + "DisableExecuteApiEndpoint": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Domain": { + "allOf": [ + { + "$ref": "#/definitions/Domain" + } + ] + }, + "FailOnWarnings": { + "type": "boolean" + }, + "Name": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "PropagateTags": { + "type": "boolean" + }, + "RouteSettings": { + "format": "json", + "type": [ + "object", + "string" + ] + }, + "StageName": { + "type": "string" + }, + "StageVariables": { + "format": "json", + "type": [ + "object", + "string" + ] + }, + "Tags": { + "type": "object" + } + }, + "readOnlyProperties": [ + "/properties/ApiId", + "/properties/ApiEndpoint" + ], + "typeName": "AWS::Serverless::HttpApi" +} diff --git a/src/cfnlint/data/schemas/resources/cbe043b60e78821e.json b/src/cfnlint/data/schemas/resources/cbe043b60e78821e.json new file mode 100644 index 0000000000..a0fdd6f5d7 --- /dev/null +++ b/src/cfnlint/data/schemas/resources/cbe043b60e78821e.json @@ -0,0 +1,857 @@ +{ + "additionalProperties": false, + "definitions": { + "AWS::Events::Rule.InputTransformer": { + "additionalProperties": false, + "properties": { + "InputPathsMap": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "InputTemplate": { + "type": "string" + } + }, + "required": [ + "InputTemplate" + ], + "type": "object" + }, + "ApiEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/ApiEventProperties" + } + ] + }, + "Type": { + "enum": [ + "Api" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "ApiEventProperties": { + "additionalProperties": false, + "properties": { + "Auth": { + "allOf": [ + { + "$ref": "#/definitions/Auth" + } + ] + }, + "Method": { + "type": "string" + }, + "Path": { + "type": "string" + }, + "RestApiId": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "UnescapeMappingTemplate": { + "type": "boolean" + } + }, + "required": [ + "Method", + "Path" + ], + "type": "object" + }, + "Auth": { + "additionalProperties": false, + "properties": { + "ApiKeyRequired": { + "type": "boolean" + }, + "AuthorizationScopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Authorizer": { + "type": "string" + }, + "ResourcePolicy": { + "allOf": [ + { + "$ref": "#/definitions/ResourcePolicy" + } + ] + } + }, + "type": "object" + }, + "CloudWatchEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/CloudWatchEventProperties" + } + ] + }, + "Type": { + "enum": [ + "CloudWatchEvent" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "CloudWatchEventProperties": { + "additionalProperties": false, + "properties": { + "EventBusName": { + "maxLength": 1600, + "minLength": 1, + "pattern": "^(arn:aws[\\w-]*:events:[a-z]{2}-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[/\\.\\-_A-Za-z0-9]+$", + "type": "string" + }, + "Input": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "InputPath": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Pattern": { + "type": [ + "string", + "object" + ] + } + }, + "type": "object" + }, + "DeadLetterConfig": { + "additionalProperties": false, + "properties": { + "Arn": { + "type": "string" + }, + "QueueLogicalId": { + "type": "string" + }, + "Type": { + "enum": [ + "SQS" + ], + "type": "string" + } + }, + "type": "object" + }, + "EventBridgeRuleEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/EventBridgeRuleEventProperties" + } + ] + }, + "Type": { + "enum": [ + "EventBridgeRule" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "EventBridgeRuleEventProperties": { + "additionalProperties": false, + "properties": { + "DeadLetterConfig": { + "allOf": [ + { + "$ref": "#/definitions/DeadLetterConfig" + } + ] + }, + "EventBusName": { + "maxLength": 1600, + "minLength": 1, + "pattern": "^(arn:aws[\\w-]*:events:[a-z]{2}-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[/\\.\\-_A-Za-z0-9]+$", + "type": "string" + }, + "Input": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "InputPath": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "InputTransformer": { + "$ref": "#/definitions/AWS::Events::Rule.InputTransformer" + }, + "Pattern": { + "type": [ + "string", + "object" + ] + }, + "RetryPolicy": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RuleName": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[\\.\\-_A-Za-z0-9]+$", + "type": "string" + }, + "State": { + "enum": [ + "DISABLED", + "ENABLED", + "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" + ], + "type": "string" + }, + "Target": { + "allOf": [ + { + "$ref": "#/definitions/EventBridgeRuleTarget" + } + ] + } + }, + "type": "object" + }, + "EventBridgeRuleTarget": { + "additionalProperties": false, + "properties": { + "Id": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "Id" + ], + "type": "object" + }, + "PassThroughProp": {}, + "ResourcePolicy": { + "additionalProperties": false, + "properties": { + "AwsAccountBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "AwsAccountWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "CustomStatements": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpcBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpcWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpceBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpceWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IpRangeBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IpRangeWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "SourceVpcBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "SourceVpcWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + } + }, + "type": "object" + }, + "ScheduleEvent": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/ScheduleEventProperties" + } + ] + }, + "Type": { + "enum": [ + "Schedule" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "ScheduleEventProperties": { + "additionalProperties": false, + "properties": { + "DeadLetterConfig": { + "allOf": [ + { + "$ref": "#/definitions/DeadLetterConfig" + } + ] + }, + "Description": { + "maxLength": 512, + "minLength": 0, + "type": "string" + }, + "Enabled": { + "type": "boolean" + }, + "Input": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Name": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[\\.\\-_A-Za-z0-9]+$", + "type": "string" + }, + "RetryPolicy": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RoleArn": { + "type": "string" + }, + "Schedule": { + "maxLength": 256, + "minLength": 0, + "type": "string" + }, + "State": { + "enum": [ + "DISABLED", + "ENABLED", + "ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS" + ], + "type": "string" + }, + "Target": { + "allOf": [ + { + "$ref": "#/definitions/ScheduleTarget" + } + ] + } + }, + "type": "object" + }, + "ScheduleTarget": { + "additionalProperties": false, + "properties": { + "Id": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + } + }, + "required": [ + "Id" + ], + "type": "object" + }, + "ScheduleV2Event": { + "additionalProperties": false, + "properties": { + "Properties": { + "allOf": [ + { + "$ref": "#/definitions/ScheduleV2EventProperties" + } + ] + }, + "Type": { + "enum": [ + "ScheduleV2" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "ScheduleV2EventProperties": { + "additionalProperties": false, + "properties": { + "DeadLetterConfig": { + "allOf": [ + { + "$ref": "#/definitions/DeadLetterConfig" + } + ] + }, + "Description": { + "maxLength": 512, + "minLength": 0, + "type": "string" + }, + "EndDate": { + "format": "date-time", + "type": "string" + }, + "FlexibleTimeWindow": { + "additionalProperties": false, + "properties": { + "MaximumWindowInMinutes": { + "maximum": 1440, + "minimum": 1, + "type": "number" + }, + "Mode": { + "enum": [ + "OFF", + "FLEXIBLE" + ], + "type": "string" + } + }, + "required": [ + "Mode" + ], + "type": "object" + }, + "GroupName": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[0-9a-zA-Z-_.]+$", + "type": "string" + }, + "Input": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "KmsKeyArn": { + "format": "AWS::KMS::Key.Arn", + "maxLength": 2048, + "minLength": 1, + "pattern": "^arn:aws[a-z-]*:kms:[a-z0-9\\-]+:\\d{12}:(key|alias)\\/[0-9a-zA-Z-_]*$", + "type": "string" + }, + "Name": { + "maxLength": 64, + "minLength": 1, + "pattern": "^[0-9a-zA-Z-_.]+$", + "type": "string" + }, + "OmitName": { + "type": "boolean" + }, + "PermissionsBoundary": { + "maxLength": 2048, + "minLength": 20, + "type": "string" + }, + "RetryPolicy": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RoleArn": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "ScheduleExpression": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "ScheduleExpressionTimezone": { + "maxLength": 50, + "minLength": 1, + "type": "string" + }, + "StartDate": { + "format": "date-time", + "type": "string" + }, + "State": { + "enum": [ + "ENABLED", + "DISABLED" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "primaryIdentifier": [ + "/properties/Arn" + ], + "properties": { + "Arn": { + "maxLength": 2048, + "minLength": 1, + "type": "string" + }, + "AutoPublishAlias": { + "$ref": "#/definitions/PassThroughProp" + }, + "Definition": { + "type": "object" + }, + "DefinitionSubstitutions": { + "type": "object" + }, + "DefinitionUri": { + "anyOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "DeploymentPreference": { + "$ref": "#/definitions/PassThroughProp" + }, + "Events": { + "additionalProperties": { + "anyOf": [ + { + "$ref": "#/definitions/ScheduleEvent" + }, + { + "$ref": "#/definitions/ScheduleV2Event" + }, + { + "$ref": "#/definitions/CloudWatchEvent" + }, + { + "$ref": "#/definitions/EventBridgeRuleEvent" + }, + { + "$ref": "#/definitions/ApiEvent" + } + ] + }, + "type": "object" + }, + "Logging": { + "additionalProperties": false, + "properties": { + "Destinations": { + "insertionOrder": false, + "items": { + "additionalProperties": false, + "properties": { + "CloudWatchLogsLogGroup": { + "additionalProperties": false, + "properties": { + "LogGroupArn": { + "maxLength": 256, + "minLength": 1, + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "IncludeExecutionData": { + "type": "boolean" + }, + "Level": { + "enum": [ + "ALL", + "ERROR", + "FATAL", + "OFF" + ], + "type": "string" + } + }, + "type": "object" + }, + "Name": { + "maxLength": 80, + "minLength": 1, + "type": "string" + }, + "PermissionsBoundary": { + "maxLength": 2048, + "minLength": 20, + "type": "string" + }, + "Policies": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + }, + { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + } + ] + }, + "PropagateTags": { + "type": "boolean" + }, + "Role": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "RolePath": { + "default": "/", + "maxLength": 512, + "minLength": 1, + "pattern": "^(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)$", + "type": "string" + }, + "StateMachineRevisionId": { + "maxLength": 256, + "minLength": 1, + "type": "string" + }, + "Tags": { + "type": "object" + }, + "Tracing": { + "additionalProperties": false, + "properties": { + "Enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "STANDARD", + "EXPRESS" + ], + "type": "string" + }, + "UseAliasAsEventTarget": { + "type": "boolean" + } + }, + "readOnlyProperties": [ + "/properties/Arn", + "/properties/Name", + "/properties/StateMachineRevisionId" + ], + "typeName": "AWS::Serverless::StateMachine" +} diff --git a/src/cfnlint/data/schemas/resources/e6affacebe8b0c55.json b/src/cfnlint/data/schemas/resources/e6affacebe8b0c55.json new file mode 100644 index 0000000000..1055834014 --- /dev/null +++ b/src/cfnlint/data/schemas/resources/e6affacebe8b0c55.json @@ -0,0 +1,925 @@ +{ + "additionalProperties": false, + "definitions": { + "AWS::ApiGateway::DomainName.MutualTlsAuthentication": { + "additionalProperties": false, + "properties": { + "TruststoreUri": { + "type": "string" + }, + "TruststoreVersion": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ApiGateway::Stage.AccessLogSetting": { + "additionalProperties": false, + "properties": { + "DestinationArn": { + "type": "string" + }, + "Format": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ApiGateway::Stage.CanarySetting": { + "additionalProperties": false, + "properties": { + "DeploymentId": { + "type": "string" + }, + "PercentTraffic": { + "type": "number" + }, + "StageVariableOverrides": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "UseStageCache": { + "type": "boolean" + } + }, + "type": "object" + }, + "AWS::ApiGateway::Stage.MethodSetting": { + "additionalProperties": false, + "properties": { + "CacheDataEncrypted": { + "type": "boolean" + }, + "CacheTtlInSeconds": { + "type": "number" + }, + "CachingEnabled": { + "type": "boolean" + }, + "DataTraceEnabled": { + "type": "boolean" + }, + "HttpMethod": { + "type": "string" + }, + "LoggingLevel": { + "type": "string" + }, + "MetricsEnabled": { + "type": "boolean" + }, + "ResourcePath": { + "type": "string" + }, + "ThrottlingBurstLimit": { + "type": "number" + }, + "ThrottlingRateLimit": { + "type": "number" + } + }, + "type": "object" + }, + "AccessAssociation": { + "additionalProperties": false, + "properties": { + "VpcEndpointId": { + "type": "string" + } + }, + "required": [ + "VpcEndpointId" + ], + "type": "object" + }, + "Auth": { + "additionalProperties": false, + "properties": { + "AddApiKeyRequiredToCorsPreflight": { + "type": "boolean" + }, + "AddDefaultAuthorizerToCorsPreflight": { + "type": "boolean" + }, + "ApiKeyRequired": { + "type": "boolean" + }, + "Authorizers": { + "additionalProperties": { + "anyOf": [ + { + "$ref": "#/definitions/CognitoAuthorizer" + }, + { + "$ref": "#/definitions/LambdaTokenAuthorizer" + }, + { + "$ref": "#/definitions/LambdaRequestAuthorizer" + } + ] + }, + "type": "object" + }, + "DefaultAuthorizer": { + "type": "string" + }, + "InvokeRole": { + "type": "string" + }, + "ResourcePolicy": { + "allOf": [ + { + "$ref": "#/definitions/ResourcePolicy" + } + ] + }, + "UsagePlan": { + "allOf": [ + { + "$ref": "#/definitions/UsagePlan" + } + ] + } + }, + "type": "object" + }, + "CognitoAuthorizer": { + "additionalProperties": false, + "properties": { + "AuthorizationScopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Identity": { + "allOf": [ + { + "$ref": "#/definitions/CognitoAuthorizerIdentity" + } + ] + }, + "UserPoolArn": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "UserPoolArn" + ], + "type": "object" + }, + "CognitoAuthorizerIdentity": { + "additionalProperties": false, + "properties": { + "Header": { + "type": "string" + }, + "ReauthorizeEvery": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "integer" + } + ] + }, + "ValidationExpression": { + "type": "string" + } + }, + "type": "object" + }, + "Cors": { + "additionalProperties": false, + "properties": { + "AllowCredentials": { + "type": "boolean" + }, + "AllowHeaders": { + "type": "string" + }, + "AllowMethods": { + "type": "string" + }, + "AllowOrigin": { + "type": "string" + }, + "MaxAge": { + "type": "string" + } + }, + "required": [ + "AllowOrigin" + ], + "type": "object" + }, + "DefinitionUri": { + "additionalProperties": false, + "properties": { + "Bucket": { + "type": "string" + }, + "Key": { + "type": "string" + }, + "Version": { + "type": "string" + } + }, + "required": [ + "Bucket", + "Key" + ], + "type": "object" + }, + "Domain": { + "additionalProperties": false, + "properties": { + "AccessAssociation": { + "$ref": "#/definitions/AccessAssociation" + }, + "BasePath": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "CertificateArn": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "DomainName": { + "type": "string" + }, + "EndpointConfiguration": { + "anyOf": [ + { + "type": "object" + }, + { + "enum": [ + "REGIONAL", + "EDGE", + "PRIVATE" + ], + "type": "string" + } + ] + }, + "IpAddressType": { + "$ref": "#/definitions/PassThroughProp" + }, + "MutualTlsAuthentication": { + "$ref": "#/definitions/AWS::ApiGateway::DomainName.MutualTlsAuthentication" + }, + "NormalizeBasePath": { + "type": "boolean" + }, + "OwnershipVerificationCertificateArn": { + "type": "string" + }, + "Policy": { + "$ref": "#/definitions/PassThroughProp" + }, + "Route53": { + "allOf": [ + { + "$ref": "#/definitions/Route53" + } + ] + }, + "SecurityPolicy": { + "type": "string" + } + }, + "required": [ + "CertificateArn", + "DomainName" + ], + "type": "object" + }, + "EndpointConfiguration": { + "additionalProperties": false, + "properties": { + "IpAddressType": { + "$ref": "#/definitions/PassThroughProp" + }, + "Type": { + "items": { + "type": "string" + }, + "type": "array" + }, + "VPCEndpointIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "LambdaRequestAuthorizer": { + "additionalProperties": false, + "properties": { + "DisableFunctionDefaultPermissions": { + "type": "boolean" + }, + "FunctionArn": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "FunctionInvokeRole": { + "type": "string" + }, + "FunctionPayloadType": { + "enum": [ + "REQUEST" + ], + "type": "string" + }, + "Identity": { + "allOf": [ + { + "$ref": "#/definitions/LambdaRequestAuthorizerIdentity" + } + ] + } + }, + "required": [ + "FunctionArn" + ], + "type": "object" + }, + "LambdaRequestAuthorizerIdentity": { + "additionalProperties": false, + "properties": { + "Context": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Headers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "QueryStrings": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ReauthorizeEvery": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "integer" + } + ] + }, + "StageVariables": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "LambdaTokenAuthorizer": { + "additionalProperties": false, + "properties": { + "DisableFunctionDefaultPermissions": { + "type": "boolean" + }, + "FunctionArn": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "FunctionInvokeRole": { + "type": "string" + }, + "FunctionPayloadType": { + "enum": [ + "TOKEN" + ], + "type": "string" + }, + "Identity": { + "allOf": [ + { + "$ref": "#/definitions/LambdaTokenAuthorizerIdentity" + } + ] + } + }, + "required": [ + "FunctionArn" + ], + "type": "object" + }, + "LambdaTokenAuthorizerIdentity": { + "additionalProperties": false, + "properties": { + "Header": { + "type": "string" + }, + "ReauthorizeEvery": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "integer" + } + ] + }, + "ValidationExpression": { + "type": "string" + } + }, + "type": "object" + }, + "PassThroughProp": {}, + "ResourcePolicy": { + "additionalProperties": false, + "properties": { + "AwsAccountBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "AwsAccountWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "CustomStatements": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpcBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpcWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpceBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IntrinsicVpceWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IpRangeBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "IpRangeWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "SourceVpcBlacklist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + }, + "SourceVpcWhitelist": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array" + } + }, + "type": "object" + }, + "Route53": { + "additionalProperties": false, + "properties": { + "DistributionDomainName": { + "type": "string" + }, + "EvaluateTargetHealth": { + "type": "boolean" + }, + "HostedZoneId": { + "type": "string" + }, + "HostedZoneName": { + "type": "string" + }, + "IpV6": { + "type": "boolean" + }, + "Region": { + "type": "string" + }, + "SeparateRecordSetGroup": { + "type": "boolean" + }, + "SetIdentifier": { + "type": "string" + }, + "VpcEndpointDomainName": { + "type": "string" + }, + "VpcEndpointHostedZoneId": { + "type": "string" + } + }, + "type": "object" + }, + "UsagePlan": { + "additionalProperties": false, + "properties": { + "CreateUsagePlan": { + "anyOf": [ + { + "type": "object" + }, + { + "enum": [ + "PER_API", + "SHARED", + "NONE" + ], + "type": "string" + } + ] + }, + "Description": { + "type": "string" + }, + "Quota": { + "additionalProperties": false, + "properties": { + "Limit": { + "minimum": 0, + "type": "integer" + }, + "Offset": { + "minimum": 0, + "type": "integer" + }, + "Period": { + "type": "string" + } + }, + "type": "object" + }, + "Tags": { + "insertionOrder": false, + "items": { + "additionalProperties": false, + "properties": { + "Key": { + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "Value": { + "maxLength": 256, + "minLength": 0, + "type": "string" + } + }, + "required": [ + "Value", + "Key" + ], + "type": "object" + }, + "type": "array", + "uniqueItems": false + }, + "Throttle": { + "additionalProperties": false, + "properties": { + "BurstLimit": { + "minimum": 0, + "type": "integer" + }, + "RateLimit": { + "minimum": 0, + "type": "number" + } + }, + "type": "object" + }, + "UsagePlanName": { + "type": "string" + } + }, + "required": [ + "CreateUsagePlan" + ], + "type": "object" + } + }, + "primaryIdentifier": [ + "/properties/RestApiId" + ], + "properties": { + "AccessLogSetting": { + "$ref": "#/definitions/AWS::ApiGateway::Stage.AccessLogSetting" + }, + "AlwaysDeploy": { + "type": "boolean" + }, + "ApiKeySourceType": { + "type": "string" + }, + "Auth": { + "allOf": [ + { + "$ref": "#/definitions/Auth" + } + ] + }, + "BinaryMediaTypes": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "CacheClusterEnabled": { + "type": "boolean" + }, + "CacheClusterSize": { + "type": "string" + }, + "CanarySetting": { + "$ref": "#/definitions/AWS::ApiGateway::Stage.CanarySetting" + }, + "Cors": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + }, + { + "$ref": "#/definitions/Cors" + } + ] + }, + "DefinitionBody": { + "type": "object" + }, + "DefinitionUri": { + "anyOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/DefinitionUri" + } + ] + }, + "Description": { + "type": "string" + }, + "DisableExecuteApiEndpoint": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "Domain": { + "allOf": [ + { + "$ref": "#/definitions/Domain" + } + ] + }, + "EndpointConfiguration": { + "anyOf": [ + { + "type": "object" + }, + { + "$ref": "#/definitions/EndpointConfiguration" + } + ] + }, + "FailOnWarnings": { + "type": "boolean" + }, + "GatewayResponses": { + "type": "object" + }, + "MergeDefinitions": { + "type": "boolean" + }, + "MethodSettings": { + "items": { + "$ref": "#/definitions/AWS::ApiGateway::Stage.MethodSetting" + }, + "type": "array" + }, + "MinimumCompressionSize": { + "type": "number" + }, + "Mode": { + "type": "string" + }, + "Models": { + "type": "object" + }, + "Name": { + "type": "string" + }, + "OpenApiVersion": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + } + ] + }, + "Policy": { + "type": "object" + }, + "PropagateTags": { + "type": "boolean" + }, + "RestApiId": { + "type": "string" + }, + "RootResourceId": { + "type": "string" + }, + "SecurityPolicy": { + "type": "string" + }, + "StageName": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "Tags": { + "type": "object" + }, + "TracingEnabled": { + "type": "boolean" + }, + "Variables": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "readOnlyProperties": [ + "/properties/RestApiId", + "/properties/RootResourceId" + ], + "required": [ + "StageName" + ], + "typeName": "AWS::Serverless::Api" +} diff --git a/src/cfnlint/data/schemas/resources/e6e17ee142ff4fb5.json b/src/cfnlint/data/schemas/resources/e6e17ee142ff4fb5.json new file mode 100644 index 0000000000..78b5bceb0a --- /dev/null +++ b/src/cfnlint/data/schemas/resources/e6e17ee142ff4fb5.json @@ -0,0 +1,88 @@ +{ + "additionalProperties": false, + "definitions": { + "ContentUri": { + "additionalProperties": false, + "properties": { + "Bucket": { + "type": "string" + }, + "Key": { + "type": "string" + }, + "Version": { + "type": "string" + } + }, + "required": [ + "Bucket", + "Key" + ], + "type": "object" + }, + "PassThroughProp": {} + }, + "primaryIdentifier": [ + "/properties/LayerVersionArn" + ], + "properties": { + "CompatibleArchitectures": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CompatibleRuntimes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ContentUri": { + "anyOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/ContentUri" + } + ] + }, + "Description": { + "type": "string" + }, + "LayerName": { + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ] + }, + "LayerVersionArn": { + "type": "string" + }, + "LicenseInfo": { + "type": "string" + }, + "PublishLambdaVersion": { + "type": "boolean" + }, + "RetentionPolicy": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "readOnlyProperties": [ + "/properties/LayerVersionArn" + ], + "required": [ + "ContentUri" + ], + "typeName": "AWS::Serverless::LayerVersion" +} diff --git a/src/cfnlint/data/schemas/resources/f7ac4b0ebba84f8b.json b/src/cfnlint/data/schemas/resources/f7ac4b0ebba84f8b.json new file mode 100644 index 0000000000..8ffed08262 --- /dev/null +++ b/src/cfnlint/data/schemas/resources/f7ac4b0ebba84f8b.json @@ -0,0 +1,81 @@ +{ + "additionalProperties": false, + "definitions": { + "Location": { + "additionalProperties": false, + "properties": { + "ApplicationId": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + }, + "SemanticVersion": { + "anyOf": [ + { + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "ApplicationId", + "SemanticVersion" + ], + "type": "object" + } + }, + "primaryIdentifier": [ + "/properties/StackId" + ], + "properties": { + "Location": { + "anyOf": [ + { + "type": "string" + }, + { + "$ref": "#/definitions/Location" + } + ] + }, + "NotificationARNs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Parameters": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "StackId": { + "type": "string" + }, + "Tags": { + "type": "object" + }, + "TimeoutInMinutes": { + "type": "number" + } + }, + "readOnlyProperties": [ + "/properties/StackId" + ], + "required": [ + "Location" + ], + "typeName": "AWS::Serverless::Application" +} diff --git a/src/cfnlint/rules/resources/CircularDependency.py b/src/cfnlint/rules/resources/CircularDependency.py index 14efa058f8..fa098f448a 100644 --- a/src/cfnlint/rules/resources/CircularDependency.py +++ b/src/cfnlint/rules/resources/CircularDependency.py @@ -31,6 +31,16 @@ def match(self, cfn: Template) -> RuleMatches: cfn.graph.graph.nodes[source].get("type") == "Resource" and cfn.graph.graph.nodes[target].get("type") == "Resource" ): + # SAM resources get split into multiple CFN resources during + # transform, which can break apparent cycles. Skip cycles + # where either resource is a SAM type. + source_rt = cfn.graph.graph.nodes[source].get("resource_type", "") + target_rt = cfn.graph.graph.nodes[target].get("resource_type", "") + if source_rt.startswith("AWS::Serverless::") or target_rt.startswith( + "AWS::Serverless::" + ): + continue + message = ( f"Circular Dependencies for resource {source}. Circular dependency" f" with [{target}]" diff --git a/src/cfnlint/rules/resources/GlobalsTransform.py b/src/cfnlint/rules/resources/GlobalsTransform.py new file mode 100644 index 0000000000..be49b89572 --- /dev/null +++ b/src/cfnlint/rules/resources/GlobalsTransform.py @@ -0,0 +1,60 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from __future__ import annotations + +from typing import Any + +import cfnlint.data.schemas.other.sam +from cfnlint.helpers import TRANSFORM_SAM +from cfnlint.jsonschema import ValidationError, ValidationResult, Validator +from cfnlint.rules.jsonschema.CfnLintJsonSchema import CfnLintJsonSchema, SchemaDetails + + +class GlobalsTransform(CfnLintJsonSchema): + """Check if Globals section exists without the Serverless Transform""" + + id = "E3722" + shortdesc = "Validate Globals section" + description = ( + "The Globals section is only valid in SAM templates. " + "Check that the Serverless transform is declared and " + "validate the Globals section structure." + ) + source_url = "https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-template-anatomy-globals.html" + tags = ["resources", "transform", "serverless"] + + def __init__(self) -> None: + super().__init__( + keywords=["Globals"], + schema_details=SchemaDetails( + cfnlint.data.schemas.other.sam, "globals.json" + ), + ) + + def message(self, instance: Any, err: ValidationError) -> str: + return err.message + + def validate( + self, validator: Validator, s: Any, instance: Any, schema: Any + ) -> ValidationResult: + if not isinstance(instance, dict): + return + + if not validator.cfn.has_serverless_transform(): + yield ValidationError( + f"'Globals' section requires the serverless " + f"transform {TRANSFORM_SAM!r}", + rule=self, + ) + return + + # Validate the Globals section structure against the schema + cfn_validator = self.extend_validator( + validator=validator, + schema=self._schema, + context=validator.context.evolve(), + ) + yield from self._iter_errors(cfn_validator, instance) diff --git a/src/cfnlint/rules/resources/ServerlessTransformAttributes.py b/src/cfnlint/rules/resources/ServerlessTransformAttributes.py new file mode 100644 index 0000000000..6e7246e247 --- /dev/null +++ b/src/cfnlint/rules/resources/ServerlessTransformAttributes.py @@ -0,0 +1,44 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from typing import Any + +from cfnlint.helpers import TRANSFORM_SAM +from cfnlint.jsonschema import ValidationError, ValidationResult, Validator +from cfnlint.rules.jsonschema import CfnLintKeyword + + +class ServerlessTransformAttributes(CfnLintKeyword): + """Check if SAM resource attributes exist without the Serverless Transform""" + + id = "E3065" + shortdesc = "SAM resource attributes require the Serverless Transform" + description = ( + "Connectors and IgnoreGlobals are SAM resource attributes " + "that require the Serverless Transform to be declared" + ) + source_url = "https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/managing-permissions-connectors.html" + tags = ["resources", "transform"] + + def __init__(self) -> None: + super().__init__( + keywords=[ + "Resources/*/Connectors", + "Resources/*/IgnoreGlobals", + ] + ) + + def validate( + self, validator: Validator, s: Any, instance: Any, schema: Any + ) -> ValidationResult: + if validator.cfn.has_serverless_transform(): + return + + attribute = validator.context.path.path[-1] + yield ValidationError( + f"{attribute!r} is a SAM resource attribute that requires " + f"the serverless transform {TRANSFORM_SAM!r}", + rule=self, + ) diff --git a/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeCreate.py b/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeCreate.py index fcc6d7b37e..0954509660 100644 --- a/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeCreate.py +++ b/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeCreate.py @@ -23,7 +23,13 @@ class DeprecatedRuntimeCreate(CfnLintKeyword): def __init__(self): """Init""" - super().__init__(["Resources/AWS::Lambda::Function/Properties/Runtime"]) + super().__init__( + [ + "Resources/AWS::Lambda::Function/Properties/Runtime", + "Resources/AWS::Serverless::Function/Properties/Runtime", + "Globals/Function/Runtime", + ] + ) self.deprecated_runtimes = load_resource( AdditionalSpecs, "LmbdRuntimeLifecycle.json" ) diff --git a/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeEol.py b/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeEol.py index a0e91e339e..230a3b4981 100644 --- a/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeEol.py +++ b/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeEol.py @@ -27,7 +27,13 @@ class DeprecatedRuntimeEol(CfnLintKeyword): def __init__(self): """Init""" - super().__init__(["Resources/AWS::Lambda::Function/Properties/Runtime"]) + super().__init__( + [ + "Resources/AWS::Lambda::Function/Properties/Runtime", + "Resources/AWS::Serverless::Function/Properties/Runtime", + "Globals/Function/Runtime", + ] + ) self.deprecated_runtimes = load_resource( AdditionalSpecs, "LmbdRuntimeLifecycle.json" ) diff --git a/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeUpdate.py b/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeUpdate.py index dab8ff8b37..447ea42dd3 100644 --- a/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeUpdate.py +++ b/src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeUpdate.py @@ -27,7 +27,13 @@ class DeprecatedRuntimeUpdate(CfnLintKeyword): def __init__(self): """Init""" - super().__init__(["Resources/AWS::Lambda::Function/Properties/Runtime"]) + super().__init__( + [ + "Resources/AWS::Lambda::Function/Properties/Runtime", + "Resources/AWS::Serverless::Function/Properties/Runtime", + "Globals/Function/Runtime", + ] + ) self.deprecated_runtimes = load_resource( AdditionalSpecs, "LmbdRuntimeLifecycle.json" ) diff --git a/src/cfnlint/rules/resources/lmbd/FunctionEnvironmentKeys.py b/src/cfnlint/rules/resources/lmbd/FunctionEnvironmentKeys.py index e50e641600..b563837859 100644 --- a/src/cfnlint/rules/resources/lmbd/FunctionEnvironmentKeys.py +++ b/src/cfnlint/rules/resources/lmbd/FunctionEnvironmentKeys.py @@ -30,7 +30,8 @@ def __init__(self): """Init""" super().__init__( keywords=[ - "Resources/AWS::Lambda::Function/Properties/Environment/Variables" + "Resources/AWS::Lambda::Function/Properties/Environment/Variables", + "Resources/AWS::Serverless::Function/Properties/Environment/Variables", ], schema_details=SchemaDetails( cfnlint.data.schemas.extensions.aws_lambda_function, diff --git a/src/cfnlint/rules/resources/lmbd/FunctionLogLevelLogFormat.py b/src/cfnlint/rules/resources/lmbd/FunctionLogLevelLogFormat.py index b01fdc99f2..aa8dcf60fe 100644 --- a/src/cfnlint/rules/resources/lmbd/FunctionLogLevelLogFormat.py +++ b/src/cfnlint/rules/resources/lmbd/FunctionLogLevelLogFormat.py @@ -23,7 +23,10 @@ class FunctionLogLevelLogFormat(CfnLintJsonSchema): def __init__(self) -> None: super().__init__( - keywords=["Resources/AWS::Lambda::Function/Properties"], + keywords=[ + "Resources/AWS::Lambda::Function/Properties", + "Resources/AWS::Serverless::Function/Properties", + ], schema_details=SchemaDetails( module=cfnlint.data.schemas.extensions.aws_lambda_function, filename="loglevel_logformat.json", diff --git a/src/cfnlint/rules/resources/lmbd/FunctionPackageTypeImageExclusions.py b/src/cfnlint/rules/resources/lmbd/FunctionPackageTypeImageExclusions.py index 0d34d4ed95..83f14b5cca 100644 --- a/src/cfnlint/rules/resources/lmbd/FunctionPackageTypeImageExclusions.py +++ b/src/cfnlint/rules/resources/lmbd/FunctionPackageTypeImageExclusions.py @@ -23,7 +23,10 @@ class FunctionPackageTypeImageExclusions(CfnLintJsonSchema): def __init__(self) -> None: super().__init__( - keywords=["Resources/AWS::Lambda::Function/Properties"], + keywords=[ + "Resources/AWS::Lambda::Function/Properties", + "Resources/AWS::Serverless::Function/Properties", + ], schema_details=SchemaDetails( module=cfnlint.data.schemas.extensions.aws_lambda_function, filename="packagetype_image_exclusions.json", diff --git a/src/cfnlint/rules/resources/lmbd/FunctionZipfileRuntimeEnum.py b/src/cfnlint/rules/resources/lmbd/FunctionZipfileRuntimeEnum.py index d293a44ce3..afc2db9f00 100644 --- a/src/cfnlint/rules/resources/lmbd/FunctionZipfileRuntimeEnum.py +++ b/src/cfnlint/rules/resources/lmbd/FunctionZipfileRuntimeEnum.py @@ -23,7 +23,10 @@ class FunctionZipfileRuntimeEnum(CfnLintJsonSchema): def __init__(self) -> None: super().__init__( - keywords=["Resources/AWS::Lambda::Function/Properties"], + keywords=[ + "Resources/AWS::Lambda::Function/Properties", + "Resources/AWS::Serverless::Function/Properties", + ], schema_details=SchemaDetails( module=cfnlint.data.schemas.extensions.aws_lambda_function, filename="zipfile_runtime_enum.json", diff --git a/src/cfnlint/rules/resources/lmbd/FunctionZipfileRuntimeExists.py b/src/cfnlint/rules/resources/lmbd/FunctionZipfileRuntimeExists.py index ca8553f528..6570931eeb 100644 --- a/src/cfnlint/rules/resources/lmbd/FunctionZipfileRuntimeExists.py +++ b/src/cfnlint/rules/resources/lmbd/FunctionZipfileRuntimeExists.py @@ -20,7 +20,10 @@ class FunctionZipfileRuntimeExists(CfnLintJsonSchema): def __init__(self) -> None: super().__init__( - keywords=["Resources/AWS::Lambda::Function/Properties"], + keywords=[ + "Resources/AWS::Lambda::Function/Properties", + "Resources/AWS::Serverless::Function/Properties", + ], schema_details=SchemaDetails( module=cfnlint.data.schemas.extensions.aws_lambda_function, filename="zipfile_runtime_exists.json", diff --git a/src/cfnlint/schema/_getatts.py b/src/cfnlint/schema/_getatts.py index d8fa962476..6af77fbdda 100644 --- a/src/cfnlint/schema/_getatts.py +++ b/src/cfnlint/schema/_getatts.py @@ -211,7 +211,6 @@ _unnamed_unknown_types = ( "Custom::", - "AWS::Serverless::", "AWS::CloudFormation::CustomResource", "Module", ) diff --git a/src/cfnlint/schema/_ref.py b/src/cfnlint/schema/_ref.py index 8ae27f256c..c1acdc9043 100644 --- a/src/cfnlint/schema/_ref.py +++ b/src/cfnlint/schema/_ref.py @@ -13,6 +13,7 @@ class Ref: def __init__(self, schema: "Schema") -> None: + self._ref: dict[str, Any] = {} primary_ids = schema.schema.get("primaryIdentifier", []) if len(primary_ids) > 1: self._ref = {"type": "string"} diff --git a/src/cfnlint/template/transforms/_sam.py b/src/cfnlint/template/transforms/_sam.py deleted file mode 100644 index a66598f9b2..0000000000 --- a/src/cfnlint/template/transforms/_sam.py +++ /dev/null @@ -1,293 +0,0 @@ -""" -Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. -SPDX-License-Identifier: MIT-0 -""" - -from __future__ import annotations - -import logging -import os -from typing import Any - -import samtranslator -from samtranslator.parser import parser -from samtranslator.public.exceptions import InvalidDocumentException -from samtranslator.sdk import resource -from samtranslator.translator.translator import Translator - -from cfnlint.data import Serverless -from cfnlint.decode.utils import convert_dict -from cfnlint.helpers import ( - TRANSFORM_LANGUAGE_EXTENSION, - ensure_list, - is_function, - load_resource, -) -from cfnlint.template.transforms._types import TransformResult - -LOGGER = logging.getLogger("cfnlint") - -samtranslator_logger = logging.getLogger("samtranslator") -samtranslator_logger.setLevel(logging.CRITICAL) - - -# Override SAM validation as cfn-lint does thoese -# checks already -# pylint: disable=unused-argument -def valid_override(self): - return resource.SamResourceType.has_value(self.type) - - -# pylint: disable=redefined-outer-name -resource.SamResource.valid = valid_override - - -class Transform: - """ - Application Serverless Module tranform Wrapper. - Based on code from AWS SAM CLI: - https://github.com/awslabs/aws-sam-cli/blob/develop/samcli/commands/validate/lib/sam_template_validator.py - """ - - def __init__(self, filename, template, region): - """ - Initialize Transform class - """ - self._filename = filename - self._template = template - self._region = region - self._parameters = {} - - self._managed_policy_map = self.load_managed_policies() - self._sam_parser = parser.Parser() - - def template(self): - """Get the template""" - return self._template - - def load_managed_policies(self): - """ - Load the ManagedPolicies locally, based on the AWS-CLI: - https://github.com/awslabs/aws-sam-cli/blob/develop/samcli/lib/samlib/default_managed_policies.json - """ - return load_resource(Serverless, "ManagedPolicies.json") - - def _replace_local_codeuri(self): - """ - Replaces the CodeUri in AWS::Serverless::Function and DefinitionUri in - AWS::Serverless::Api to a fake S3 Uri. This is to support running the - SAM Translator with valid values for these fields. If this is not done, - the template is invalid in the eyes of SAM Translator (the translator - does not support local paths) - """ - - all_resources = self._template.get("Resources", {}) - - template_globals = self._template.get("Globals", {}) - auto_publish_alias = template_globals.get("Function", {}).get( - "AutoPublishAlias" - ) - if isinstance(auto_publish_alias, dict): - if len(auto_publish_alias) == 1: - for k, v in auto_publish_alias.items(): - if k == "Ref": - if v in self._template.get("Parameters"): - self._parameters[v] = "Alias" - - for _, rsc in all_resources.items(): - resource_type = rsc.get("Type") - resource_dict = rsc.get("Properties") - if not isinstance(resource_dict, dict): - continue - - if resource_type == "AWS::Serverless::Function": - if resource_dict.get("PackageType") == "Image": - Transform._update_to_s3_uri("ImageUri", resource_dict) - else: - Transform._update_to_s3_uri("CodeUri", resource_dict) - auto_publish_alias = resource_dict.get("AutoPublishAlias") - if isinstance(auto_publish_alias, dict): - k, v = is_function(auto_publish_alias) - if k == "Ref": - if v in self._template.get("Parameters"): - self._parameters[v] = "Alias" - if isinstance(resource_dict.get("AutoPublishCodeSha256"), dict): - resource_dict["AutoPublishCodeSha256"] = "fakesha" - if resource_type in ["AWS::Serverless::LayerVersion"]: - if resource_dict.get("ContentUri"): - Transform._update_to_s3_uri("ContentUri", resource_dict) - if resource_type == "AWS::Serverless::Application": - if resource_dict.get("Location"): - if isinstance(resource_dict.get("Location"), dict): - resource_dict["Location"] = "" - Transform._update_to_s3_uri("Location", resource_dict) - if resource_type == "AWS::Serverless::Api": - if ( - "DefinitionBody" not in resource_dict - and "Auth" not in resource_dict - and "Cors" not in resource_dict - and "DisableExecuteApiEndpoint" not in resource_dict - ): - Transform._update_to_s3_uri("DefinitionUri", resource_dict) - else: - resource_dict["DefinitionBody"] = "" - if resource_type == "AWS::Serverless::StateMachine" and resource_dict.get( - "DefinitionUri" - ): - Transform._update_to_s3_uri("DefinitionUri", resource_dict) - - def _find_and_replace(self, item, parameters): - k, v = is_function(item) - if k == "Ref": - if v in parameters: - return parameters[v] - if isinstance(item, dict): - for k, v in item.items(): - item[k] = self._find_and_replace(v, parameters) - if isinstance(item, list): - for i, v in enumerate(item): - item[i] = self._find_and_replace(v, parameters) - - return item - - def _replace_variables_with_language_extension(self): - transforms = self._template.get("Transform", []) - - transforms = ensure_list(transforms) - if TRANSFORM_LANGUAGE_EXTENSION in transforms: - parameters = {} - for k, v in self._template.get("Parameters", {}).items(): - p_type = v.get("Type") - if isinstance(p_type, str): - if p_type.startswith("AWS::SSM::Parameter::"): - continue - if isinstance(v, dict): - if v.get("Default"): - if v.get("Type") == "CommaDelimitedList": - parameters[k] = v.get("Default").split(",") - else: - parameters[k] = v.get("Default") - - self._template["Resources"] = self._find_and_replace( - self._template.get("Resources", {}), parameters - ) - - def transform_template(self): - """ - Transform the Template using the Serverless Application Model. - """ - matches = [] - - try: - # Output the SAM Translator version in debug mode - LOGGER.info("SAM Translator: %s", samtranslator.__version__) - - sam_translator = Translator( - managed_policy_map=self._managed_policy_map, sam_parser=self._sam_parser - ) - - self._replace_variables_with_language_extension() - self._replace_local_codeuri() - - # Tell SAM to use the region we're linting in, this has to be - # controlled using the default AWS mechanisms, see also: - # https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/translator/arn_generator.py - LOGGER.info("Setting AWS_DEFAULT_REGION to %s", self._region) - os.environ["AWS_DEFAULT_REGION"] = self._region - - self._template = convert_dict( - sam_translator.translate( - sam_template=self._template, - parameter_values=self._parameters, - passthrough_metadata=True, - ) - ) - - except InvalidDocumentException as e: - # pylint: disable=import-outside-toplevel - from cfnlint.match import Match # pylint: disable=cyclic-import - from cfnlint.rules.errors import ( - TransformError, # pylint: disable=cyclic-import - ) - - message = "Error transforming template: {0}" - for cause in e.causes: - matches.append( - Match.create( - filename=self._filename, - rule=TransformError(), - message=message.format(cause.message), - ) - ) - except Exception as e: # pylint: disable=W0703 - # pylint: disable=import-outside-toplevel - from cfnlint.match import Match # pylint: disable=cyclic-import - from cfnlint.rules.errors import ( - TransformError, # pylint: disable=cyclic-import - ) - - LOGGER.debug("Error transforming template: %s", str(e)) - LOGGER.debug("Stack trace: %s", e, exc_info=True) - message = "Error transforming template: {0}" - matches.append( - Match.create( - filename=self._filename, - rule=TransformError(), - message=message.format(str(e)), - ) - ) - - return matches - - @staticmethod - def is_s3_uri(uri): - """ - Checks the uri and determines if it is a valid S3 Uri - Parameters - ---------- - uri str, required - Uri to check - Returns - ------- - bool - Returns True if the uri given is an S3 uri, otherwise False - """ - return isinstance(uri, str) and uri.startswith("s3://") - - @staticmethod - def _update_to_s3_uri( - property_key, resource_property_dict, s3_uri_value="s3://bucket/value" - ): - """ - Updates the 'property_key' in the 'resource_property_dict' to the - value of 's3_uri_value' - Note: The function will mutate the resource_property_dict that is pass - in Parameters - ---------- - property_key str, required - Key in the resource_property_dict - resource_property_dict dict, required - Property dictionary of a Resource in the template to replace - s3_uri_value str, optional - Value to update the value of the property_key to - """ - uri_property = resource_property_dict.get(property_key, ".") - - # ignore if dict or already an S3 Uri - if isinstance(uri_property, dict): - key, _ = is_function(uri_property) - if key: - resource_property_dict[property_key] = s3_uri_value - return - if Transform.is_s3_uri(uri_property): - return - - resource_property_dict[property_key] = s3_uri_value - - -def sam(cfn: Any) -> TransformResult: - transform = Transform(cfn.filename, cfn.template, cfn.regions[0]) - matches = transform.transform_template() - if matches: - return matches, None - return matches, transform.template() diff --git a/src/cfnlint/template/transforms/_sam_globals.py b/src/cfnlint/template/transforms/_sam_globals.py new file mode 100644 index 0000000000..c350423bbe --- /dev/null +++ b/src/cfnlint/template/transforms/_sam_globals.py @@ -0,0 +1,100 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from __future__ import annotations + +from copy import deepcopy +from typing import Any + +from cfnlint.helpers import is_function + +# Globals section key -> resource type +_GLOBALS_TYPE_MAP: dict[str, str] = { + "Function": "AWS::Serverless::Function", + "Api": "AWS::Serverless::Api", + "HttpApi": "AWS::Serverless::HttpApi", + "SimpleTable": "AWS::Serverless::SimpleTable", + "StateMachine": "AWS::Serverless::StateMachine", + "LayerVersion": "AWS::Serverless::LayerVersion", + "CapacityProvider": "AWS::Serverless::CapacityProvider", + "WebSocketApi": "AWS::Serverless::WebSocketApi", +} + + +def _is_intrinsic(value: Any) -> bool: + k, _ = is_function(value) + return k is not None + + +def _merge(global_value: Any, local_value: Any) -> Any: + """Merge a global value with a local value. + + Rules (matching SAM translator behavior): + - Primitives/intrinsics: local wins + - Dicts: recursive merge, local keys override + - Lists: concatenate global + local + - Type mismatch: local wins + """ + if isinstance(global_value, dict) and isinstance(local_value, dict): + if _is_intrinsic(global_value) or _is_intrinsic(local_value): + return local_value + result = global_value.copy() + for k, v in local_value.items(): + result[k] = _merge(result[k], v) if k in result else v + return result + + if isinstance(global_value, list) and isinstance(local_value, list): + return global_value + local_value + + return local_value + + +def merge_globals(template: dict[str, Any]) -> dict[str, Any]: + """Merge Globals properties into SAM resources. + + Modifies the template in place and returns it. + Does nothing if there is no Globals section. + """ + globals_section = template.get("Globals") + if not isinstance(globals_section, dict): + return template + + resources = template.get("Resources") + if not isinstance(resources, dict): + return template + + # Build a map of resource_type -> global properties + globals_by_type: dict[str, dict[str, Any]] = {} + for section_name, props in globals_section.items(): + resource_type = _GLOBALS_TYPE_MAP.get(section_name) + if resource_type and isinstance(props, dict): + globals_by_type[resource_type] = props + + # Merge into each matching resource + for resource in resources.values(): + if not isinstance(resource, dict): + continue + resource_type = resource.get("Type") + if resource_type not in globals_by_type: + continue + + # Support IgnoreGlobals attribute + ignore = resource.get("IgnoreGlobals") + if ignore == "*": + continue + + global_props = deepcopy(globals_by_type[resource_type]) + + if isinstance(ignore, list): + for key in ignore: + global_props.pop(key, None) + + local_props = resource.get("Properties") + if not isinstance(local_props, dict): + local_props = {} + + resource["Properties"] = _merge(global_props, local_props) + + return template diff --git a/src/cfnlint/template/transforms/transform.py b/src/cfnlint/template/transforms/transform.py index 51d4b62870..a91bee5a60 100644 --- a/src/cfnlint/template/transforms/transform.py +++ b/src/cfnlint/template/transforms/transform.py @@ -18,7 +18,7 @@ ) from cfnlint.match import Match from cfnlint.template.transforms._language_extensions import language_extension -from cfnlint.template.transforms._sam import sam +from cfnlint.template.transforms._sam_globals import merge_globals from cfnlint.template.transforms._types import TransformResult LOGGER = logging.getLogger("cfnlint") @@ -27,7 +27,6 @@ class Transform: def __init__(self) -> None: self.transforms: Mapping[str, Callable[[Any], TransformResult]] = { - TRANSFORM_SAM: sam, TRANSFORM_LANGUAGE_EXTENSION: language_extension, } @@ -44,6 +43,12 @@ def transform(self, cfn: Any) -> list[Match]: if not transform_type: return matches + # Merge SAM Globals into resources before validation. + # This replaces the full SAM transform — we validate the + # SAM template directly using SAM schemas instead. + if TRANSFORM_SAM in transform_type: + merge_globals(cfn.template) + cfn.transform_pre["Globals"] = cfn.template.get("Globals", {}) for name in transform_type: if not isinstance(name, str): @@ -62,13 +67,6 @@ def transform(self, cfn: Any) -> list[Match]: return matches cfn.template = template - if len(transform_type) > 1: - # SAM will erase the entire Transform section - # this sets it back with all transforms except SAM - cfn.template["Transform"] = [ - t for t in transform_type if t != TRANSFORM_SAM - ] - LOGGER.info("Transformed template: \n%s", format_json_string(cfn.template)) cfn.graph = Graph(cfn) cfn.conditions = Conditions(cfn) diff --git a/test/fixtures/results/good/transform_serverless_globals.json b/test/fixtures/results/good/transform_serverless_globals.json new file mode 100644 index 0000000000..9788079f21 --- /dev/null +++ b/test/fixtures/results/good/transform_serverless_globals.json @@ -0,0 +1,31 @@ +[ + { + "Filename": "test/fixtures/templates/good/transform_serverless_globals.yaml", + "Id": "92e72a31-d321-f7fa-8f1e-74e9bc8a44d7", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 12, + "LineNumber": 5 + }, + "Path": [ + "Resources", + "myFunction", + "Properties", + "Runtime" + ], + "Start": { + "ColumnNumber": 5, + "LineNumber": 5 + } + }, + "Message": "Runtime 'nodejs6.10' was deprecated on '2019-08-12'. Creation was disabled on '2019-07-12' and update on '2019-08-12'. Please consider updating to 'nodejs24.x'", + "ParentId": null, + "Rule": { + "Description": "Check if an EOL Lambda Runtime is specified and you cannot update the function", + "Id": "E2533", + "ShortDescription": "Check if Lambda Function Runtimes are updatable", + "Source": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html" + } + } +] diff --git a/test/fixtures/results/good/transform_serverless_ignore_globals.json b/test/fixtures/results/good/transform_serverless_ignore_globals.json new file mode 100644 index 0000000000..ea03d70d98 --- /dev/null +++ b/test/fixtures/results/good/transform_serverless_ignore_globals.json @@ -0,0 +1,31 @@ +[ + { + "Filename": "test/fixtures/templates/good/transform_serverless_ignore_globals.yaml", + "Id": "b85523fd-5fcb-f152-25c0-6dabc5e3fadd", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 12, + "LineNumber": 6 + }, + "Path": [ + "Resources", + "InheritsGlobalsFunction", + "Properties", + "Runtime" + ], + "Start": { + "ColumnNumber": 5, + "LineNumber": 6 + } + }, + "Message": "Runtime 'nodejs6.10' was deprecated on '2019-08-12'. Creation was disabled on '2019-07-12' and update on '2019-08-12'. Please consider updating to 'nodejs24.x'", + "ParentId": null, + "Rule": { + "Description": "Check if an EOL Lambda Runtime is specified and you cannot update the function", + "Id": "E2533", + "ShortDescription": "Check if Lambda Function Runtimes are updatable", + "Source": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html" + } + } +] diff --git a/test/fixtures/results/good/transform_serverless_template.json b/test/fixtures/results/good/transform_serverless_template.json new file mode 100644 index 0000000000..5695354279 --- /dev/null +++ b/test/fixtures/results/good/transform_serverless_template.json @@ -0,0 +1,204 @@ +[ + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "492603be-d841-74b2-4b6d-b2ceafa5f504", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 14, + "LineNumber": 9 + }, + "Path": [ + "Resources", + "myFunction", + "Properties", + "Runtime" + ], + "Start": { + "ColumnNumber": 7, + "LineNumber": 9 + } + }, + "Message": "Runtime 'nodejs4.3' was deprecated on '2020-03-05'. Creation was disabled on '2020-02-03' and update on '2020-03-05'. Please consider updating to 'nodejs24.x'", + "ParentId": null, + "Rule": { + "Description": "Check if an EOL Lambda Runtime is specified and you cannot update the function", + "Id": "E2533", + "ShortDescription": "Check if Lambda Function Runtimes are updatable", + "Source": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "978690ef-1802-e42c-7c8a-b0d0edec02f1", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 15, + "LineNumber": 52 + }, + "Path": [ + "Resources", + "ExampleLayer", + "Properties" + ], + "Start": { + "ColumnNumber": 5, + "LineNumber": 52 + } + }, + "Message": "'ContentUri' is a required property", + "ParentId": null, + "Rule": { + "Description": "Make sure that Resources properties that are required exist", + "Id": "E3003", + "ShortDescription": "Required Resource properties are missing", + "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/cfn-schema-specification.md#required" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "5516047c-2708-b836-e3be-7ccd09bdd920", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 15, + "LineNumber": 58 + }, + "Path": [ + "Resources", + "AppName", + "Properties" + ], + "Start": { + "ColumnNumber": 5, + "LineNumber": 58 + } + }, + "Message": "'Location' is a required property", + "ParentId": null, + "Rule": { + "Description": "Make sure that Resources properties that are required exist", + "Id": "E3003", + "ShortDescription": "Required Resource properties are missing", + "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/cfn-schema-specification.md#required" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "52a846e8-102a-eb3f-67e6-39784a73ef43", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 15, + "LineNumber": 68 + }, + "Path": [ + "Resources", + "myFunctionRole", + "Properties" + ], + "Start": { + "ColumnNumber": 5, + "LineNumber": 68 + } + }, + "Message": "The set of Attributes in AttributeDefinitions: [] and KeySchemas: ['String'] must match at Resources/myFunctionRole/Properties", + "ParentId": null, + "Rule": { + "Description": "Verify the set of Attributes in AttributeDefinitions and KeySchemas match", + "Id": "E3039", + "ShortDescription": "AttributeDefinitions / KeySchemas mismatch", + "Source": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "8ce63251-77ff-586e-856d-f51ea791408d", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 16, + "LineNumber": 70 + }, + "Path": [ + "Resources", + "myFunctionRole", + "Properties", + "KeySchema" + ], + "Start": { + "ColumnNumber": 7, + "LineNumber": 70 + } + }, + "Message": "[{'AttributeName': 'String', 'KeyType': 'String'}] is not of type 'object', 'string'", + "ParentId": "9c4050f6-9596-1f41-80f9-0c2ddfef4bff", + "Rule": { + "Description": "Checks resource property values with Primitive Types for values that match those types.", + "Id": "E3012", + "ShortDescription": "Check resource properties values", + "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/cfn-schema-specification.md#type" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "9c4050f6-9596-1f41-80f9-0c2ddfef4bff", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 16, + "LineNumber": 70 + }, + "Path": [ + "Resources", + "myFunctionRole", + "Properties", + "KeySchema" + ], + "Start": { + "ColumnNumber": 7, + "LineNumber": 70 + } + }, + "Message": "[{'AttributeName': 'String', 'KeyType': 'String'}] is not valid under any of the given schemas", + "ParentId": null, + "Rule": { + "Description": "Making sure CloudFormation properties that require only one property from a list. One has to be specified.", + "Id": "E3018", + "ShortDescription": "Check Properties that need only one of a list of properties", + "Source": "https://github.com/aws-cloudformation/cfn-lint" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "7ac96d11-d14a-9b30-2bb6-688aa6de66f2", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 16, + "LineNumber": 73 + }, + "Path": [ + "Resources", + "myFunctionRole", + "Properties", + "KeySchema", + 0, + "KeyType" + ], + "Start": { + "ColumnNumber": 9, + "LineNumber": 73 + } + }, + "Message": "'HASH' was expected", + "ParentId": "9c4050f6-9596-1f41-80f9-0c2ddfef4bff", + "Rule": { + "Description": "Making sure that resources properties are properly configured", + "Id": "E3002", + "ShortDescription": "Resource properties are invalid", + "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/cfn-schema-specification.md#properties" + } + } +] diff --git a/test/fixtures/results/transform_ignore/transform_serverless_template.json b/test/fixtures/results/transform_ignore/transform_serverless_template.json new file mode 100644 index 0000000000..7468c70990 --- /dev/null +++ b/test/fixtures/results/transform_ignore/transform_serverless_template.json @@ -0,0 +1,258 @@ +[ + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "492603be-d841-74b2-4b6d-b2ceafa5f504", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 14, + "LineNumber": 9 + }, + "Path": [ + "Resources", + "myFunction", + "Properties", + "Runtime" + ], + "Start": { + "ColumnNumber": 7, + "LineNumber": 9 + } + }, + "Message": "Runtime 'nodejs4.3' was deprecated on '2020-03-05'. Creation was disabled on '2020-02-03' and update on '2020-03-05'. Please consider updating to 'nodejs24.x'", + "ParentId": null, + "Rule": { + "Description": "Check if an EOL Lambda Runtime is specified and you cannot update the function", + "Id": "E2533", + "ShortDescription": "Check if Lambda Function Runtimes are updatable", + "Source": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "978690ef-1802-e42c-7c8a-b0d0edec02f1", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 15, + "LineNumber": 52 + }, + "Path": [ + "Resources", + "ExampleLayer", + "Properties" + ], + "Start": { + "ColumnNumber": 5, + "LineNumber": 52 + } + }, + "Message": "'ContentUri' is a required property", + "ParentId": null, + "Rule": { + "Description": "Make sure that Resources properties that are required exist", + "Id": "E3003", + "ShortDescription": "Required Resource properties are missing", + "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/cfn-schema-specification.md#required" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "5516047c-2708-b836-e3be-7ccd09bdd920", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 15, + "LineNumber": 58 + }, + "Path": [ + "Resources", + "AppName", + "Properties" + ], + "Start": { + "ColumnNumber": 5, + "LineNumber": 58 + } + }, + "Message": "'Location' is a required property", + "ParentId": null, + "Rule": { + "Description": "Make sure that Resources properties that are required exist", + "Id": "E3003", + "ShortDescription": "Required Resource properties are missing", + "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/cfn-schema-specification.md#required" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "c3ce3db2-06fd-56d7-47b8-b71b39cba494", + "Level": "Informational", + "Location": { + "End": { + "ColumnNumber": 17, + "LineNumber": 66 + }, + "Path": [ + "Resources", + "myFunctionRole" + ], + "Start": { + "ColumnNumber": 3, + "LineNumber": 66 + } + }, + "Message": "'DeletionPolicy' is a required property (The default action when replacing/removing a resource is to delete it. Set explicit values for stateful resource)", + "ParentId": null, + "Rule": { + "Description": "The default action when replacing/removing a resource is to delete it. This check requires you to explicitly set policies", + "Id": "I3011", + "ShortDescription": "Check stateful resources have a set UpdateReplacePolicy/DeletionPolicy", + "Source": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "220ad576-44ba-1507-8d11-adc3156c9ddb", + "Level": "Informational", + "Location": { + "End": { + "ColumnNumber": 17, + "LineNumber": 66 + }, + "Path": [ + "Resources", + "myFunctionRole" + ], + "Start": { + "ColumnNumber": 3, + "LineNumber": 66 + } + }, + "Message": "'UpdateReplacePolicy' is a required property (The default action when replacing/removing a resource is to delete it. Set explicit values for stateful resource)", + "ParentId": null, + "Rule": { + "Description": "The default action when replacing/removing a resource is to delete it. This check requires you to explicitly set policies", + "Id": "I3011", + "ShortDescription": "Check stateful resources have a set UpdateReplacePolicy/DeletionPolicy", + "Source": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "52a846e8-102a-eb3f-67e6-39784a73ef43", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 15, + "LineNumber": 68 + }, + "Path": [ + "Resources", + "myFunctionRole", + "Properties" + ], + "Start": { + "ColumnNumber": 5, + "LineNumber": 68 + } + }, + "Message": "The set of Attributes in AttributeDefinitions: [] and KeySchemas: ['String'] must match at Resources/myFunctionRole/Properties", + "ParentId": null, + "Rule": { + "Description": "Verify the set of Attributes in AttributeDefinitions and KeySchemas match", + "Id": "E3039", + "ShortDescription": "AttributeDefinitions / KeySchemas mismatch", + "Source": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "8ce63251-77ff-586e-856d-f51ea791408d", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 16, + "LineNumber": 70 + }, + "Path": [ + "Resources", + "myFunctionRole", + "Properties", + "KeySchema" + ], + "Start": { + "ColumnNumber": 7, + "LineNumber": 70 + } + }, + "Message": "[{'AttributeName': 'String', 'KeyType': 'String'}] is not of type 'object', 'string'", + "ParentId": "9c4050f6-9596-1f41-80f9-0c2ddfef4bff", + "Rule": { + "Description": "Checks resource property values with Primitive Types for values that match those types.", + "Id": "E3012", + "ShortDescription": "Check resource properties values", + "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/cfn-schema-specification.md#type" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "9c4050f6-9596-1f41-80f9-0c2ddfef4bff", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 16, + "LineNumber": 70 + }, + "Path": [ + "Resources", + "myFunctionRole", + "Properties", + "KeySchema" + ], + "Start": { + "ColumnNumber": 7, + "LineNumber": 70 + } + }, + "Message": "[{'AttributeName': 'String', 'KeyType': 'String'}] is not valid under any of the given schemas", + "ParentId": null, + "Rule": { + "Description": "Making sure CloudFormation properties that require only one property from a list. One has to be specified.", + "Id": "E3018", + "ShortDescription": "Check Properties that need only one of a list of properties", + "Source": "https://github.com/aws-cloudformation/cfn-lint" + } + }, + { + "Filename": "test/fixtures/templates/bad/transform_serverless_template.yaml", + "Id": "7ac96d11-d14a-9b30-2bb6-688aa6de66f2", + "Level": "Error", + "Location": { + "End": { + "ColumnNumber": 16, + "LineNumber": 73 + }, + "Path": [ + "Resources", + "myFunctionRole", + "Properties", + "KeySchema", + 0, + "KeyType" + ], + "Start": { + "ColumnNumber": 9, + "LineNumber": 73 + } + }, + "Message": "'HASH' was expected", + "ParentId": "9c4050f6-9596-1f41-80f9-0c2ddfef4bff", + "Rule": { + "Description": "Making sure that resources properties are properly configured", + "Id": "E3002", + "ShortDescription": "Resource properties are invalid", + "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/cfn-schema-specification.md#properties" + } + } +] diff --git a/test/fixtures/templates/good/transform_serverless_ignore_globals.yaml b/test/fixtures/templates/good/transform_serverless_ignore_globals.yaml new file mode 100644 index 0000000000..a1378f578a --- /dev/null +++ b/test/fixtures/templates/good/transform_serverless_ignore_globals.yaml @@ -0,0 +1,28 @@ +--- +AWSTemplateFormatVersion: '2010-09-09' +Transform: AWS::Serverless-2016-10-31 +Globals: + Function: + Runtime: nodejs6.10 + Timeout: 180 +Resources: + IgnoredFunction: + Type: AWS::Serverless::Function + IgnoreGlobals: "*" + Properties: + Runtime: nodejs22.x + Handler: index.handler + CodeUri: 's3://test-bucket/mySourceCode.zip' + SelectiveIgnoreFunction: + Type: AWS::Serverless::Function + IgnoreGlobals: + - Runtime + Properties: + Runtime: nodejs22.x + Handler: index.handler + CodeUri: 's3://test-bucket/mySourceCode.zip' + InheritsGlobalsFunction: + Type: AWS::Serverless::Function + Properties: + Handler: index.handler + CodeUri: 's3://test-bucket/mySourceCode.zip' diff --git a/test/integration/test_good_templates.py b/test/integration/test_good_templates.py index 3e5f108fd4..0a339dd7e6 100644 --- a/test/integration/test_good_templates.py +++ b/test/integration/test_good_templates.py @@ -38,94 +38,9 @@ class TestQuickStartTemplates(BaseCliTestCase): "filename": ( "test/fixtures/templates/bad/transform_serverless_template.yaml" ), - "results": [ - { - "Filename": ( - "test/fixtures/templates/bad/transform_serverless_template.yaml" - ), - "Id": "9e05773a-b0d0-f157-2955-596d9bd54749", - "Level": "Error", - "Location": { - "End": {"ColumnNumber": 2, "LineNumber": 1}, - "Path": None, - "Start": {"ColumnNumber": 1, "LineNumber": 1}, - }, - "Message": ( - "Error transforming template: Resource with id" - " [myFunctionMyTimer] is invalid. Missing required property" - " 'Schedule'." - ), - "ParentId": None, - "Rule": { - "Description": ( - "Errors found when performing transformation on the" - " template" - ), - "Id": "E0001", - "ShortDescription": ( - "Error found when transforming the template" - ), - "Source": "https://github.com/aws-cloudformation/cfn-lint", - }, - }, - { - "Filename": ( - "test/fixtures/templates/bad/transform_serverless_template.yaml" - ), - "Id": "fd751fa3-7d1f-e194-7108-eb08352814c8", - "Level": "Error", - "Location": { - "End": {"ColumnNumber": 2, "LineNumber": 1}, - "Path": None, - "Start": {"ColumnNumber": 1, "LineNumber": 1}, - }, - "Message": ( - "Error transforming template: Resource with id [ExampleLayer]" - " is invalid. Missing required property 'ContentUri'." - ), - "ParentId": None, - "Rule": { - "Description": ( - "Errors found when performing transformation on the" - " template" - ), - "Id": "E0001", - "ShortDescription": ( - "Error found when transforming the template" - ), - "Source": "https://github.com/aws-cloudformation/cfn-lint", - }, - }, - { - "Filename": ( - "test/fixtures/templates/bad/transform_serverless_template.yaml" - ), - "Id": "74181426-e865-10eb-96fd-908dfd30a358", - "Level": "Error", - "Location": { - "End": {"ColumnNumber": 2, "LineNumber": 1}, - "Path": None, - "Start": {"ColumnNumber": 1, "LineNumber": 1}, - }, - "Message": ( - "Error transforming template: Resource with id [AppName] is" - " invalid. Resource is missing the required [Location]" - " property." - ), - "ParentId": None, - "Rule": { - "Description": ( - "Errors found when performing transformation on the" - " template" - ), - "Id": "E0001", - "ShortDescription": ( - "Error found when transforming the template" - ), - "Source": "https://github.com/aws-cloudformation/cfn-lint", - }, - }, - ], + "results_filename": ( + "test/fixtures/results/good/transform_serverless_template.json" + ), "exit_code": 2, }, { @@ -204,41 +119,18 @@ class TestQuickStartTemplates(BaseCliTestCase): "filename": ( "test/fixtures/templates/good/transform_serverless_globals.yaml" ), - "results": [ - { - "Filename": str( - Path( - "test/fixtures/templates/good/transform_serverless_globals.yaml" - ) - ), - "Id": "0d9d3690-14a9-8a30-2bf4-d6515e1fe983", - "Level": "Error", - "Location": { - "End": {"ColumnNumber": 13, "LineNumber": 10}, - "Path": ["Resources", "myFunction", "Properties", "Runtime"], - "Start": {"ColumnNumber": 3, "LineNumber": 10}, - }, - "Message": ( - "Runtime 'nodejs6.10' was deprecated on '2019-08-12'. Creation" - " was disabled on '2019-07-12' and update on '2019-08-12'." - " Please consider updating to 'nodejs24.x'" - ), - "ParentId": None, - "Rule": { - "Description": ( - "Check if an EOL Lambda Runtime is specified and you cannot" - " update the function" - ), - "Id": "E2533", - "ShortDescription": ( - "Check if Lambda Function Runtimes are updatable" - ), - "Source": ( - "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html" - ), - }, - } - ], + "results_filename": ( + "test/fixtures/results/good/transform_serverless_globals.json" + ), + "exit_code": 2, + }, + { + "filename": ( + "test/fixtures/templates/good/transform_serverless_ignore_globals.yaml" + ), + "results_filename": ( + "test/fixtures/results/good/transform_serverless_ignore_globals.json" + ), "exit_code": 2, }, { diff --git a/test/integration/test_schema_files.py b/test/integration/test_schema_files.py index 6ff0599178..d06fb69b36 100644 --- a/test/integration/test_schema_files.py +++ b/test/integration/test_schema_files.py @@ -29,6 +29,8 @@ class TestSchemaFiles(TestCase): "*", "Conditions", "Description", + "Globals", + "Globals/Function/Runtime", "Mappings", "Metadata", "Metadata/AWS::CloudFormation::Interface", @@ -45,10 +47,12 @@ class TestSchemaFiles(TestCase): "Resources", "Resources/*", "Resources/*/Condition", + "Resources/*/Connectors", "Resources/*/CreationPolicy", "Resources/*/DeletionPolicy", "Resources/*/DependsOn", "Resources/*/DependsOn/*", + "Resources/*/IgnoreGlobals", "Resources/*/Metadata", "Resources/*/Metadata/AWS::CloudFormation::Init", "Resources/*/Type", @@ -219,6 +223,12 @@ def test_data_module_specs(self): # Skip synthetic types that don't follow standard schema if resource_type in ("Module", "AWS::CDK::Metadata"): continue + if resource_type.startswith("AWS::Serverless::"): + # SAM schemas don't conform to CFN provider schema format + # but we still need their keywords for rule validation + schema_resolver = RefResolver(d) + self.build_keywords(schema_resolver) + continue errs = list(validator.iter_errors(d)) self.assertListEqual( errs, [], f"Error with {resource_type} ({schema_hash}): {errs}" diff --git a/test/integration/test_transform_ignore.py b/test/integration/test_transform_ignore.py index 77729db3be..c614b655a1 100644 --- a/test/integration/test_transform_ignore.py +++ b/test/integration/test_transform_ignore.py @@ -16,7 +16,15 @@ class TestTransformIgnore(BaseCliTestCase): "filename": ( "test/fixtures/templates/bad/transform_serverless_template.yaml" ), - "exit_code": 0, + # SAM transform errors (E0001) no longer occur since SAM resources + # are validated directly via schemas. The template still has schema + # errors (E3003, E3012, etc.) which produce exit code 10 (error + + # informational). + "results_filename": ( + "test/fixtures/results/transform_ignore" + "/transform_serverless_template.json" + ), + "exit_code": 10, }, ] diff --git a/test/unit/module/context/test_inject_sam_implicit.py b/test/unit/module/context/test_inject_sam_implicit.py new file mode 100644 index 0000000000..c76ebccd89 --- /dev/null +++ b/test/unit/module/context/test_inject_sam_implicit.py @@ -0,0 +1,486 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from __future__ import annotations + +from unittest.mock import patch + +from cfnlint.context.context import Resource, _inject_sam_implicit_resources + + +class TestInjectSamImplicitResources: + def test_non_dict_resources(self): + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources("not-a-dict", resources) + assert resources == {} + + def test_implicit_rest_api(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "Events": { + "Api": { + "Type": "Api", + "Properties": {"Path": "/", "Method": "GET"}, + } + } + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessRestApi" in resources + assert "FnRole" in resources + + def test_implicit_http_api(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "Events": { + "Http": { + "Type": "HttpApi", + "Properties": {"Path": "/", "Method": "GET"}, + } + } + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessHttpApi" in resources + + def test_explicit_rest_api_id_no_implicit(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "Events": { + "Api": { + "Type": "Api", + "Properties": { + "Path": "/", + "Method": "GET", + "RestApiId": {"Ref": "MyApi"}, + }, + } + } + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessRestApi" not in resources + + def test_explicit_api_id_no_implicit_http(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "Events": { + "Http": { + "Type": "HttpApi", + "Properties": { + "Path": "/", + "Method": "GET", + "ApiId": {"Ref": "MyApi"}, + }, + } + } + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessHttpApi" not in resources + + def test_role_generation(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "FnRole" in resources + + def test_no_role_when_explicit(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Role": "arn:aws:iam::123456789012:role/role"}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "FnRole" not in resources + + def test_state_machine_role(self): + template_resources = { + "SM": { + "Type": "AWS::Serverless::StateMachine", + "Properties": {}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "SMRole" in resources + + def test_version_alias_with_auto_publish(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"AutoPublishAlias": "live"}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "Fn.Version" in resources + assert "Fn.Alias" in resources + + def test_version_alias_with_deployment_preference(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"DeploymentPreference": {"Type": "AllAtOnce"}}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "Fn.Version" in resources + assert "Fn.Alias" in resources + + def test_no_version_alias_without_publish(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Handler": "index.handler"}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "Fn.Version" not in resources + assert "Fn.Alias" not in resources + + def test_non_dict_resource_skipped(self): + template_resources = {"Bad": "not-a-dict"} + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert resources == {} + + def test_non_dict_events_skipped(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Events": "not-a-dict"}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessRestApi" not in resources + + def test_non_dict_event_skipped(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Events": {"Bad": "not-a-dict"}}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessRestApi" not in resources + + def test_non_dict_props_treated_as_empty(self): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": "not-a-dict", + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "FnRole" in resources + + @patch("cfnlint.context.context.Resource", side_effect=ValueError("mocked error")) + def test_role_value_error_is_caught(self, mock_resource): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "FnRole" not in resources + + @patch("cfnlint.context.context.Resource", side_effect=ValueError("mocked error")) + def test_version_alias_value_error_is_caught(self, mock_resource): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"AutoPublishAlias": "live"}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "Fn.Version" not in resources + assert "Fn.Alias" not in resources + + @patch("cfnlint.context.context.Resource", side_effect=ValueError("mocked error")) + def test_implicit_rest_api_value_error_is_caught(self, mock_resource): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "Events": { + "Api": { + "Type": "Api", + "Properties": {"Path": "/", "Method": "GET"}, + } + } + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessRestApi" not in resources + + @patch("cfnlint.context.context.Resource", side_effect=ValueError("mocked error")) + def test_implicit_http_api_value_error_is_caught(self, mock_resource): + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "Events": { + "Http": { + "Type": "HttpApi", + "Properties": {"Path": "/", "Method": "GET"}, + } + } + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessHttpApi" not in resources + + def test_non_serverless_resource_skipped(self): + """Cover branch where resource_type is not in the SAM types tuple.""" + template_resources = { + "Bucket": { + "Type": "AWS::S3::Bucket", + "Properties": {}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert resources == {} + + def test_version_already_exists_not_overwritten(self): + """Cover branch where version_id is already in resources.""" + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"AutoPublishAlias": "live"}, + } + } + existing = Resource({"Type": "AWS::Lambda::Version"}) + resources: dict[str, Resource] = {"Fn.Version": existing, "Fn.Alias": existing} + _inject_sam_implicit_resources(template_resources, resources) + assert resources["Fn.Version"] is existing + assert resources["Fn.Alias"] is existing + + def test_empty_events_dict(self): + """Cover branch where events.values() loop body is never entered.""" + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Events": {}}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessRestApi" not in resources + assert "ServerlessHttpApi" not in resources + + def test_non_api_event_type_skipped(self): + """Cover branch where event type is neither Api nor HttpApi.""" + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "Events": { + "Sqs": { + "Type": "SQS", + "Properties": {"Queue": "arn:aws:sqs:us-east-1:1:q"}, + } + } + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessRestApi" not in resources + assert "ServerlessHttpApi" not in resources + + def test_function_url_config(self): + """FunctionUrlConfig generates a Url resource.""" + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"FunctionUrlConfig": {"AuthType": "NONE"}}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "FnUrl" in resources + assert resources["FnUrl"].type == "AWS::Lambda::Url" + + def test_deployment_preference_codedeploy(self): + """DeploymentPreference generates CodeDeploy resources.""" + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "DeploymentPreference": {"Type": "Linear10PercentEvery10Minutes"} + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessDeploymentApplication" in resources + assert "FnDeploymentGroup" in resources + assert "CodeDeployServiceRole" in resources + + def test_deployment_preference_explicit_role(self): + """DeploymentPreference with explicit Role skips CodeDeployServiceRole.""" + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "DeploymentPreference": { + "Type": "AllAtOnce", + "Role": "arn:aws:iam::123456789012:role/my-role", + } + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessDeploymentApplication" in resources + assert "FnDeploymentGroup" in resources + assert "CodeDeployServiceRole" not in resources + + def test_deployment_preference_disabled(self): + """DeploymentPreference with Enabled: false generates nothing.""" + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"DeploymentPreference": {"Enabled": False}}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessDeploymentApplication" not in resources + assert "FnDeploymentGroup" not in resources + + def test_event_permissions(self): + """Each event generates a Permission resource.""" + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "Events": { + "MyApi": { + "Type": "Api", + "Properties": { + "Path": "/", + "Method": "GET", + "RestApiId": "x", + }, + }, + "MySchedule": { + "Type": "Schedule", + "Properties": {"Schedule": "rate(1 hour)"}, + }, + } + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "FnMyApiPermission" in resources + assert "FnMySchedulePermission" in resources + + def test_api_stage(self): + """Api always generates a Stage resource.""" + template_resources = { + "MyApi": { + "Type": "AWS::Serverless::Api", + "Properties": {"StageName": "prod"}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "MyApiStage" in resources + assert resources["MyApiStage"].type == "AWS::ApiGateway::Stage" + + def test_api_domain_and_usage_plan(self): + """Api with Domain and Auth generates DomainName and UsagePlan.""" + template_resources = { + "MyApi": { + "Type": "AWS::Serverless::Api", + "Properties": { + "StageName": "prod", + "Domain": {"DomainName": "api.example.com"}, + "Auth": {"ApiKeyRequired": True}, + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "MyApiDomainName" in resources + assert "MyApiUsagePlan" in resources + + def test_http_api_stage(self): + """HttpApi always generates a Stage resource.""" + template_resources = { + "MyHttpApi": { + "Type": "AWS::Serverless::HttpApi", + "Properties": {"StageName": "prod"}, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "MyHttpApiStage" in resources + assert resources["MyHttpApiStage"].type == "AWS::ApiGatewayV2::Stage" + + def test_implicit_api_stages(self): + """Implicit APIs also get Stage resources.""" + template_resources = { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "Events": { + "A": { + "Type": "Api", + "Properties": {"Path": "/", "Method": "GET"}, + }, + "B": { + "Type": "HttpApi", + "Properties": {"Path": "/", "Method": "GET"}, + }, + } + }, + } + } + resources: dict[str, Resource] = {} + _inject_sam_implicit_resources(template_resources, resources) + assert "ServerlessRestApi" in resources + assert "ServerlessRestApiStage" in resources + assert "ServerlessHttpApi" in resources + assert "ServerlessHttpApiStage" in resources diff --git a/test/unit/module/template/transforms/test_sam_globals.py b/test/unit/module/template/transforms/test_sam_globals.py new file mode 100644 index 0000000000..1723522bd2 --- /dev/null +++ b/test/unit/module/template/transforms/test_sam_globals.py @@ -0,0 +1,209 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from __future__ import annotations + +from cfnlint.template.transforms._sam_globals import merge_globals + + +class TestMerge: + def test_dict_merge(self): + template = { + "Globals": {"Function": {"Environment": {"Variables": {"A": "1"}}}}, + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": { + "Environment": {"Variables": {"B": "2"}}, + }, + } + }, + } + merge_globals(template) + env = template["Resources"]["Fn"]["Properties"]["Environment"]["Variables"] + assert env == {"A": "1", "B": "2"} + + def test_list_concat(self): + template = { + "Globals": {"Function": {"Layers": ["arn:layer1"]}}, + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Layers": ["arn:layer2"]}, + } + }, + } + merge_globals(template) + assert template["Resources"]["Fn"]["Properties"]["Layers"] == [ + "arn:layer1", + "arn:layer2", + ] + + def test_local_overrides_primitive(self): + template = { + "Globals": {"Function": {"Runtime": "python3.9"}}, + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Runtime": "python3.12"}, + } + }, + } + merge_globals(template) + assert template["Resources"]["Fn"]["Properties"]["Runtime"] == "python3.12" + + def test_intrinsic_local_wins(self): + template = { + "Globals": {"Function": {"Timeout": 30}}, + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Timeout": {"Ref": "Param"}}, + } + }, + } + merge_globals(template) + assert template["Resources"]["Fn"]["Properties"]["Timeout"] == {"Ref": "Param"} + + def test_intrinsic_global_replaced_by_local(self): + template = { + "Globals": { + "Function": {"Environment": {"Fn::If": ["Cond", {"A": "1"}, {}]}} + }, + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Environment": {"Variables": {"B": "2"}}}, + } + }, + } + merge_globals(template) + assert template["Resources"]["Fn"]["Properties"]["Environment"] == { + "Variables": {"B": "2"} + } + + def test_type_mismatch_local_wins(self): + template = { + "Globals": {"Function": {"Tags": {"Key": "Val"}}}, + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Tags": "override"}, + } + }, + } + merge_globals(template) + assert template["Resources"]["Fn"]["Properties"]["Tags"] == "override" + + def test_ignore_globals_star(self): + template = { + "Globals": {"Function": {"Runtime": "python3.9", "Timeout": 30}}, + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "IgnoreGlobals": "*", + "Properties": {}, + } + }, + } + merge_globals(template) + assert "Runtime" not in template["Resources"]["Fn"]["Properties"] + + def test_ignore_globals_list(self): + template = { + "Globals": {"Function": {"Runtime": "python3.9", "Timeout": 30}}, + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "IgnoreGlobals": ["Runtime"], + "Properties": {}, + } + }, + } + merge_globals(template) + props = template["Resources"]["Fn"]["Properties"] + assert "Runtime" not in props + assert props["Timeout"] == 30 + + def test_no_globals_section(self): + template = { + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Runtime": "python3.12"}, + } + } + } + result = merge_globals(template) + assert result is template + + def test_globals_not_dict(self): + template = {"Globals": "invalid", "Resources": {}} + result = merge_globals(template) + assert result is template + + def test_resources_not_dict(self): + template = {"Globals": {"Function": {"Runtime": "python3.9"}}} + result = merge_globals(template) + assert result is template + + def test_non_dict_resource_skipped(self): + template = { + "Globals": {"Function": {"Runtime": "python3.9"}}, + "Resources": {"Bad": "not-a-dict"}, + } + merge_globals(template) + assert template["Resources"]["Bad"] == "not-a-dict" + + def test_no_local_properties(self): + template = { + "Globals": {"Function": {"Runtime": "python3.9"}}, + "Resources": { + "Fn": {"Type": "AWS::Serverless::Function"}, + }, + } + merge_globals(template) + assert template["Resources"]["Fn"]["Properties"]["Runtime"] == "python3.9" + + def test_unknown_globals_section_ignored(self): + template = { + "Globals": {"Unknown": {"Foo": "bar"}}, + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Runtime": "python3.12"}, + } + }, + } + merge_globals(template) + assert template["Resources"]["Fn"]["Properties"]["Runtime"] == "python3.12" + + def test_non_dict_globals_props_ignored(self): + template = { + "Globals": {"Function": "not-a-dict"}, + "Resources": { + "Fn": { + "Type": "AWS::Serverless::Function", + "Properties": {"Runtime": "python3.12"}, + } + }, + } + merge_globals(template) + assert template["Resources"]["Fn"]["Properties"]["Runtime"] == "python3.12" + + def test_api_globals(self): + template = { + "Globals": {"Api": {"TracingEnabled": True}}, + "Resources": { + "MyApi": { + "Type": "AWS::Serverless::Api", + "Properties": {"StageName": "prod"}, + } + }, + } + merge_globals(template) + props = template["Resources"]["MyApi"]["Properties"] + assert props["TracingEnabled"] is True + assert props["StageName"] == "prod" diff --git a/test/unit/module/transform/test_transform.py b/test/unit/module/transform/test_transform.py deleted file mode 100644 index 7d6b658ebd..0000000000 --- a/test/unit/module/transform/test_transform.py +++ /dev/null @@ -1,177 +0,0 @@ -""" -Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -SPDX-License-Identifier: MIT-0 -""" - -from test.testlib.testcase import BaseTestCase - -from cfnlint.decode import cfn_yaml -from cfnlint.template.transforms._sam import Transform - - -class TestTransform(BaseTestCase): - """Test Transform Parsing""" - - def test_parameter_for_autopublish_version(self): - """Test Parameter is created for autopublish version run""" - filename = "test/fixtures/templates/good/transform/auto_publish_alias.yaml" - region = "us-east-1" - template = cfn_yaml.load(filename) - transformed_template = Transform(filename, template, region) - transformed_template.transform_template() - self.assertDictEqual( - transformed_template._parameters, {"Stage1": "Alias", "Stage2": "Alias"} - ) - self.assertDictEqual( - transformed_template._template.get("Resources") - .get("SkillFunctionAliasAlias") - .get("Properties"), - { - "Name": "Alias", - "FunctionName": {"Ref": "SkillFunction"}, - "FunctionVersion": { - "Fn::GetAtt": ["SkillFunctionVersion55ff35af87", "Version"] - }, - }, - ) - - def test_conversion_of_application_location(self): - """Tests if serverless application converts location to string when dict""" - filename = "test/fixtures/templates/good/transform/applications_location.yaml" - region = "us-east-1" - template = cfn_yaml.load(filename) - transformed_template = Transform(filename, template, region) - transformed_template.transform_template() - self.assertEqual( - transformed_template._template.get("Resources") - .get("App1") - .get("Properties") - .get("TemplateURL"), - "./step_function_local_definition.yaml", - ) - self.assertEqual( - transformed_template._template.get("Resources") - .get("App2") - .get("Properties") - .get("TemplateURL"), - "s3://bucket/value", - ) - - def test_conversion_of_step_function_definition_uri(self): - """ - Tests that the a serverless step function can convert - a local path to a s3 path - """ - filename = ( - "test/fixtures/templates/good/transform/step_function_local_definition.yaml" - ) - region = "us-east-1" - template = cfn_yaml.load(filename) - transformed_template = Transform(filename, template, region) - transformed_template.transform_template() - self.assertDictEqual( - transformed_template._template.get("Resources") - .get("StateMachine") - .get("Properties") - .get("DefinitionS3Location"), - {"Bucket": "bucket", "Key": "value"}, - ) - - def test_conversion_of_serverless_function_uri(self): - """Tests that the a serverless function can convert a CodeUri Sub""" - filename = "test/fixtures/templates/good/transform/function_use_s3_uri.yaml" - region = "us-east-1" - template = cfn_yaml.load(filename) - transformed_template = Transform(filename, template, region) - transformed_template.transform_template() - self.assertDictEqual( - transformed_template._template.get("Resources") - .get("Function") - .get("Properties") - .get("Code"), - {"S3Bucket": "bucket", "S3Key": "value"}, - ) - - def test_resource_properties_dont_exist(self): - filename = "test/fixtures/templates/bad/transform/no_properties.yaml" - region = "us-east-1" - template = cfn_yaml.load(filename) - transformed_template = Transform(filename, template, region) - results = transformed_template.transform_template() - self.assertEqual(len(results), 1) - - def test_parameter_for_autopublish_version_bad(self): - """Test Parameter is created for autopublish version run""" - filename = "test/fixtures/templates/bad/transform/auto_publish_alias.yaml" - region = "us-east-1" - template = cfn_yaml.load(filename) - transformed_template = Transform(filename, template, region) - transformed_template.transform_template() - self.assertDictEqual(transformed_template._parameters, {}) - - def test_test_function_using_image_good(self): - """Test Parameter is created for autopublish version run""" - filename = "test/fixtures/templates/good/transform/function_using_image.yaml" - region = "us-east-1" - template = cfn_yaml.load(filename) - transformed_template = Transform(filename, template, region) - transformed_template.transform_template() - self.assertDictEqual(transformed_template._parameters, {}) - - def test_sam_with_language_extension(self): - """Test language extension""" - filename = "test/fixtures/templates/good/transform/language_extension.yaml" - region = "us-east-1" - template = cfn_yaml.load(filename) - transformed_template = Transform(filename, template, region) - results = transformed_template.transform_template() - self.assertDictEqual( - transformed_template._template.get("Rules"), - { - "IsAutPublishAliasParameterProd": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [{"Fn::Equals": [{"Ref": "DBPolicy"}, ""]}] - } - } - ], - "RuleCondition": {"Fn::Equals": [{"Ref": "Environment"}, "Prod"]}, - } - }, - ) - self.assertEqual(results, []) - - def test_parameter_for_autopublish_code_sha256(self): - filename = ( - "test/fixtures/templates/good/transform/auto_publish_code_sha256.yaml" - ) - region = "us-east-1" - template = cfn_yaml.load(filename) - transformed_template = Transform(filename, template, region) - transformed_template.transform_template() - self.assertDictEqual(transformed_template._parameters, {}) - self.assertDictEqual( - transformed_template._template.get("Resources") - .get("LambdaFunction") - .get("Properties"), - { - "Code": { - "S3Bucket": {"Ref": "CodeBucket"}, - "S3Key": {"Fn::Sub": "${ Basepath }/lambda.zip"}, - }, - "Description": "fakesha", - "FunctionName": {"Fn::Sub": "${ AWS::StackName }"}, - "Handler": "lambda.handler", - "MemorySize": 256, - "Role": {"Fn::GetAtt": ["LambdaFunctionRole", "Arn"]}, - "Runtime": "python3.12", - "Tags": [{"Key": "lambda:createdBy", "Value": "SAM"}], - "Timeout": 30, - "TracingConfig": {"Mode": "PassThrough"}, - }, - ) - self.assertIn( - "LambdaFunctionVersionfakesha", - transformed_template._template.get("Resources").keys(), - ) diff --git a/test/unit/rules/resources/lmbd/test_events_log_group_name.py b/test/unit/rules/resources/lmbd/test_events_log_group_name.py index 85ee0ac725..aedc572711 100644 --- a/test/unit/rules/resources/lmbd/test_events_log_group_name.py +++ b/test/unit/rules/resources/lmbd/test_events_log_group_name.py @@ -25,6 +25,9 @@ def test_file_positive(self): def test_file_negative(self): """Test failure""" + # SAM event sources (CloudWatchLogs) are no longer transformed into + # AWS::Logs::SubscriptionFilter resources. The rule can only check + # explicitly declared subscription filters, not SAM-generated ones. self.helper_file_negative( - "test/fixtures/templates/bad/some_logs_stream_lambda.yaml", 1 + "test/fixtures/templates/bad/some_logs_stream_lambda.yaml", 0 ) diff --git a/test/unit/rules/resources/test_globals_transform.py b/test/unit/rules/resources/test_globals_transform.py new file mode 100644 index 0000000000..c388eeca7c --- /dev/null +++ b/test/unit/rules/resources/test_globals_transform.py @@ -0,0 +1,56 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from __future__ import annotations + +from collections import deque + +import pytest + +from cfnlint.rules.resources.GlobalsTransform import GlobalsTransform + + +@pytest.fixture(scope="module") +def rule(): + yield GlobalsTransform() + + +@pytest.mark.parametrize( + "name,instance,template,path,expected", + [ + ( + "Valid globals with transform", + {"Function": {"Runtime": "python3.12"}}, + {"Transform": ["AWS::Serverless-2016-10-31"]}, + {"cfn_path": deque(["Globals"])}, + 0, + ), + ( + "Globals without transform", + {"Function": {"Runtime": "python3.12"}}, + {}, + {"cfn_path": deque(["Globals"])}, + 1, + ), + ( + "Non-dict instance", + "not-a-dict", + {"Transform": ["AWS::Serverless-2016-10-31"]}, + {"cfn_path": deque(["Globals"])}, + 0, + ), + ( + "Invalid globals property", + {"Function": {"Runtime": "python3.12"}, "InvalidKey": {}}, + {"Transform": ["AWS::Serverless-2016-10-31"]}, + {"cfn_path": deque(["Globals"])}, + 1, + ), + ], + indirect=["template", "path"], +) +def test_validate(name, instance, template, path, expected, rule, validator): + errors = list(rule.validate(validator, False, instance, {})) + assert len(errors) == expected, f"Test {name!r} got {errors!r}" diff --git a/test/unit/rules/resources/test_serverless_transform_attributes.py b/test/unit/rules/resources/test_serverless_transform_attributes.py new file mode 100644 index 0000000000..b89899e6a0 --- /dev/null +++ b/test/unit/rules/resources/test_serverless_transform_attributes.py @@ -0,0 +1,70 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from __future__ import annotations + +from collections import deque + +import pytest + +from cfnlint.rules.resources.ServerlessTransformAttributes import ( + ServerlessTransformAttributes, +) + + +@pytest.fixture(scope="module") +def rule(): + yield ServerlessTransformAttributes() + + +@pytest.mark.parametrize( + "name,instance,template,path,expected", + [ + ( + "Connectors without transform", + {"MyConn": {"Properties": {"Destination": {"Id": "Table"}}}}, + {}, + { + "cfn_path": deque(["Resources", "Fn", "Connectors"]), + "path": deque(["Resources", "Fn", "Connectors"]), + }, + 1, + ), + ( + "Connectors with transform", + {"MyConn": {"Properties": {"Destination": {"Id": "Table"}}}}, + {"Transform": ["AWS::Serverless-2016-10-31"]}, + { + "cfn_path": deque(["Resources", "Fn", "Connectors"]), + "path": deque(["Resources", "Fn", "Connectors"]), + }, + 0, + ), + ( + "IgnoreGlobals without transform", + ["Runtime"], + {}, + { + "cfn_path": deque(["Resources", "Fn", "IgnoreGlobals"]), + "path": deque(["Resources", "Fn", "IgnoreGlobals"]), + }, + 1, + ), + ( + "IgnoreGlobals with transform", + ["Runtime"], + {"Transform": ["AWS::Serverless-2016-10-31"]}, + { + "cfn_path": deque(["Resources", "Fn", "IgnoreGlobals"]), + "path": deque(["Resources", "Fn", "IgnoreGlobals"]), + }, + 0, + ), + ], + indirect=["template", "path"], +) +def test_validate(name, instance, template, path, expected, rule, validator): + errors = list(rule.validate(validator, False, instance, {})) + assert len(errors) == expected, f"Test {name!r} got {errors!r}"