diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b717c2f868..6d934b0bd5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,10 +20,11 @@ jobs: os: - ubuntu-latest python: - - "3.8" - - "3.9" - "3.10" - "3.11" + - "3.12" + - "3.13" + - "3.14" steps: - uses: actions/checkout@v6 - uses: actions/setup-python@v6 diff --git a/.github/workflows/close_issue_message.yml b/.github/workflows/close_issue_message.yml index 3961d64751..2b7e91eb1c 100644 --- a/.github/workflows/close_issue_message.yml +++ b/.github/workflows/close_issue_message.yml @@ -9,7 +9,7 @@ jobs: permissions: issues: write steps: - - uses: aws-actions/closed-issue-message@v2 + - uses: aws-actions/closed-issue-message@10aaf6366131b673a7c8b7742f8b3849f1d44f18 # v2 with: # These inputs are both required repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/DEVELOPMENT_GUIDE.md b/DEVELOPMENT_GUIDE.md index 10fcec056f..5d2cf5831b 100644 --- a/DEVELOPMENT_GUIDE.md +++ b/DEVELOPMENT_GUIDE.md @@ -26,7 +26,7 @@ Environment setup ----------------- ### 1. Install Python versions -Our officially supported Python versions are 3.8, 3.9 and 3.10. +Our officially supported Python versions are 3.10, 3.11, 3.12, 3.13, 3.14 Our CI/CD pipeline is setup to run unit tests against Python 3 versions. Make sure you test it before sending a Pull Request. See [Unit testing with multiple Python versions](#unit-testing-with-multiple-python-versions). @@ -40,11 +40,13 @@ easily setup multiple Python versions. For 1. Install PyEnv - `curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash` 1. Restart shell so the path changes take effect - `exec $SHELL` -1. `pyenv install 3.8.16` -1. `pyenv install 3.9.16` -1. `pyenv install 3.10.9` +1. `pyenv install 3.10.20` +1. `pyenv install 3.11.15` +1. `pyenv install 3.12.13` +1. `pyenv install 3.13.12` +1. `pyenv install 3.14.3` 3. Make Python versions available in the project: - `pyenv local 3.8.16 3.9.16 3.10.9` + `pyenv local 3.10.20 3.11.15 3.12.13 3.13.12 3.14.3` Note: also make sure the following lines were written into your `.bashrc` (or `.zshrc`, depending on which shell you are using): ``` @@ -65,7 +67,7 @@ can be found [here](https://black.readthedocs.io/en/stable/integrations/editors. Since black is installed in virtualenv, when you follow [this instruction](https://black.readthedocs.io/en/stable/integrations/editors.html), `which black` might give you this ```bash -(sam38) $ where black +(sam310) $ where black /Users//.pyenv/shims/black ``` @@ -76,11 +78,11 @@ and this will happen: pyenv: black: command not found The `black' command exists in these Python versions: - 3.8.16/envs/sam38 - sam38 + 3.10.16/envs/sam310 + sam310 ``` -A simple workaround is to use `/Users//.pyenv/versions/sam38/bin/black` +A simple workaround is to use `/Users//.pyenv/versions/sam310/bin/black` instead of `/Users//.pyenv/shims/black`. #### Pre-commit @@ -98,15 +100,15 @@ handy plugin that can create virtualenv. Depending on the python version, the following commands would change to be the appropriate python version. -1. Create Virtualenv `sam38` for Python3.8: `pyenv virtualenv 3.8.16 sam38` -1. Activate Virtualenv: `pyenv activate sam38` +1. Create Virtualenv `sam310` for Python3.10: `pyenv virtualenv 3.10.16 sam310` +1. Activate Virtualenv: `pyenv activate sam310` ### 4. Install dev version of SAM transform We will install a development version of SAM transform from source into the virtualenv. -1. Activate Virtualenv: `pyenv activate sam38` +1. Activate Virtualenv: `pyenv activate sam310` 1. Install dev version of SAM transform: `make init` Running tests @@ -120,10 +122,10 @@ Run `make test` or `make test-fast`. Once all tests pass make sure to run ### Unit testing with multiple Python versions -Currently, our officially supported Python versions are 3.8, 3.9 and 3.10. For the most -part, code that works in Python3.8 will work in Pythons 3.9 and 3.10. You only run into problems if you are -trying to use features released in a higher version (for example features introduced into Python3.10 -will not work in Python3.9). If you want to test in many versions, you can create a virtualenv for +Currently, our officially supported Python versions are 3.10, 3.11, 3.12, 3.13 and 3.14. For the most +part, code that works in Python 3.10 will work in later versions. You only run into problems if you are +trying to use features released in a higher version (for example features introduced into Python 3.13 +will not work in Python 3.12). If you want to test in many versions, you can create a virtualenv for each version and flip between them (sourcing the activate script). Typically, we run all tests in one python version locally and then have our ci (appveyor) run all supported versions. diff --git a/bin/_file_formatter.py b/bin/_file_formatter.py index 7e092b234c..94c7401a68 100644 --- a/bin/_file_formatter.py +++ b/bin/_file_formatter.py @@ -5,7 +5,6 @@ import sys from abc import ABC, abstractmethod from pathlib import Path -from typing import Type class FileFormatter(ABC): @@ -34,7 +33,7 @@ def format_str(self, input_str: str) -> str: @staticmethod @abstractmethod - def decode_exception() -> Type[Exception]: + def decode_exception() -> type[Exception]: """Return the exception class when the file content cannot be decoded.""" @staticmethod diff --git a/bin/add_transform_test.py b/bin/add_transform_test.py index ec85b53c97..a8057098bc 100755 --- a/bin/add_transform_test.py +++ b/bin/add_transform_test.py @@ -1,5 +1,6 @@ #!/usr/bin/env python """Automatically create transform tests input and output files given an input template.""" + import argparse import json import shutil @@ -7,7 +8,7 @@ import sys from copy import deepcopy from pathlib import Path -from typing import Any, Dict +from typing import Any from unittest.mock import patch import boto3 @@ -31,12 +32,12 @@ CLI_OPTIONS = parser.parse_args() -def read_json_file(file_path: Path) -> Dict[str, Any]: - template: Dict[str, Any] = json.loads(file_path.read_text(encoding="utf-8")) +def read_json_file(file_path: Path) -> dict[str, Any]: + template: dict[str, Any] = json.loads(file_path.read_text(encoding="utf-8")) return template -def write_json_file(obj: Dict[str, Any], file_path: Path) -> None: +def write_json_file(obj: dict[str, Any], file_path: Path) -> None: with file_path.open("w", encoding="utf-8") as f: json.dump(obj, f, indent=2, sort_keys=True) @@ -54,8 +55,9 @@ def generate_transform_test_output_files(input_file_path: Path, file_basename: s } for _, (region, output_path) in transform_test_output_paths.items(): - with patch("samtranslator.translator.arn_generator._get_region_from_session", return_value=region), patch( - "boto3.session.Session.region_name", region + with ( + patch("samtranslator.translator.arn_generator._get_region_from_session", return_value=region), + patch("boto3.session.Session.region_name", region), ): # Implicit API Plugin may alter input template file, thus passing a copy here. output_fragment = transform(deepcopy(manifest), {}, ManagedPolicyLoader(iam_client)) diff --git a/bin/json-format.py b/bin/json-format.py index c2ae78729f..fdea54084b 100755 --- a/bin/json-format.py +++ b/bin/json-format.py @@ -1,5 +1,6 @@ #!/usr/bin/env python """JSON file formatter (without prettier).""" + import sys from pathlib import Path @@ -7,7 +8,6 @@ sys.path.insert(0, str(Path(__file__).absolute().parent.parent)) import json -from typing import Type from bin._file_formatter import FileFormatter @@ -23,7 +23,7 @@ def format_str(self, input_str: str) -> str: return json.dumps(obj, indent=2, sort_keys=True) + "\n" @staticmethod - def decode_exception() -> Type[Exception]: + def decode_exception() -> type[Exception]: return json.JSONDecodeError @staticmethod diff --git a/bin/parse_cdk_cfn_docs.py b/bin/parse_cdk_cfn_docs.py index 27f6caa610..03d94d0c7c 100755 --- a/bin/parse_cdk_cfn_docs.py +++ b/bin/parse_cdk_cfn_docs.py @@ -11,13 +11,13 @@ import json import sys -from typing import Any, Dict +from typing import Any def main() -> None: obj = json.load(sys.stdin) - out: Dict[str, Any] = {"properties": {}} + out: dict[str, Any] = {"properties": {}} for k, v in obj["Types"].items(): kk = k.replace(".", " ") vv = v["properties"] diff --git a/bin/public_interface.py b/bin/public_interface.py index 7c47889396..fa20f681c4 100755 --- a/bin/public_interface.py +++ b/bin/public_interface.py @@ -7,6 +7,7 @@ (see https://peps.python.org/pep-0008/#descriptive-naming-styles) This CLI tool helps automate the detection of compatibility-breaking changes. """ + import argparse import ast import importlib @@ -17,17 +18,17 @@ import string import sys from pathlib import Path -from typing import Any, Dict, List, NamedTuple, Optional, Set, Union +from typing import Any, NamedTuple, Union _ARGUMENT_SELF = {"kind": "POSITIONAL_OR_KEYWORD", "name": "self"} _PRINTABLE_CHARS = set(string.printable) class InterfaceScanner: - def __init__(self, skipped_modules: Optional[List[str]] = None) -> None: - self.signatures: Dict[str, Union[inspect.Signature]] = {} - self.variables: Set[str] = set() - self.skipped_modules: Set[str] = set(skipped_modules or []) + def __init__(self, skipped_modules: list[str] | None = None) -> None: + self.signatures: dict[str, Union[inspect.Signature]] = {} + self.variables: set[str] = set() + self.skipped_modules: set[str] = set(skipped_modules or []) def scan_interfaces_recursively(self, module_name: str) -> None: if module_name in self.skipped_modules: @@ -63,7 +64,7 @@ def _scan_variables_in_module(self, module_name: str) -> None: else: module_path = module_path.with_suffix(".py") tree = ast.parse("".join([char for char in module_path.read_text() if char in _PRINTABLE_CHARS])) - assignments: List[ast.Assign] = [node for node in ast.iter_child_nodes(tree) if isinstance(node, ast.Assign)] + assignments: list[ast.Assign] = [node for node in ast.iter_child_nodes(tree) if isinstance(node, ast.Assign)] for assignment in assignments: for target in assignment.targets: if not isinstance(target, ast.Name): @@ -97,8 +98,8 @@ def _scan_methods_in_class(self, class_name: str, _class: Any) -> None: self.signatures[full_path] = inspect.signature(method) -def _print(signature: Dict[str, inspect.Signature], variables: Set[str]) -> None: - result: Dict[str, Any] = {"routines": {}, "variables": sorted(variables)} +def _print(signature: dict[str, inspect.Signature], variables: set[str]) -> None: + result: dict[str, Any] = {"routines": {}, "variables": sorted(variables)} for key, value in signature.items(): result["routines"][key] = [ ( @@ -116,23 +117,23 @@ def _print(signature: Dict[str, inspect.Signature], variables: Set[str]) -> None class _BreakingChanges(NamedTuple): - deleted_variables: List[str] - deleted_routines: List[str] - incompatible_routines: List[str] + deleted_variables: list[str] + deleted_routines: list[str] + incompatible_routines: list[str] def is_empty(self) -> bool: return not any([self.deleted_variables, self.deleted_routines, self.incompatible_routines]) @staticmethod - def _argument_to_str(argument: Dict[str, Any]) -> str: + def _argument_to_str(argument: dict[str, Any]) -> str: if "default" in argument: return f'{argument["name"]}={argument["default"]}' return str(argument["name"]) def print_markdown( self, - original_routines: Dict[str, List[Dict[str, Any]]], - routines: Dict[str, List[Dict[str, Any]]], + original_routines: dict[str, list[dict[str, Any]]], + routines: dict[str, list[dict[str, Any]]], ) -> None: """Print all breaking changes in markdown.""" print("\n# Compatibility breaking changes:") @@ -156,7 +157,7 @@ def print_markdown( def _only_new_optional_arguments_or_existing_arguments_optionalized_or_var_arguments( - original_arguments: List[Dict[str, Any]], arguments: List[Dict[str, Any]] + original_arguments: list[dict[str, Any]], arguments: list[dict[str, Any]] ) -> bool: if len(original_arguments) > len(arguments): return False @@ -178,7 +179,7 @@ def _only_new_optional_arguments_or_existing_arguments_optionalized_or_var_argum ) -def _is_compatible(original_arguments: List[Dict[str, Any]], arguments: List[Dict[str, Any]]) -> bool: +def _is_compatible(original_arguments: list[dict[str, Any]], arguments: list[dict[str, Any]]) -> bool: """ If there is an argument change, it is compatible only when - new optional arguments are added or existing arguments become optional. @@ -201,13 +202,13 @@ def _is_compatible(original_arguments: List[Dict[str, Any]], arguments: List[Dic def _detect_breaking_changes( - original_routines: Dict[str, List[Dict[str, Any]]], - original_variables: Set[str], - routines: Dict[str, List[Dict[str, Any]]], - variables: Set[str], + original_routines: dict[str, list[dict[str, Any]]], + original_variables: set[str], + routines: dict[str, list[dict[str, Any]]], + variables: set[str], ) -> _BreakingChanges: - deleted_routines: List[str] = [] - incompatible_routines: List[str] = [] + deleted_routines: list[str] = [] + incompatible_routines: list[str] = [] for routine_path, arguments in original_routines.items(): if routine_path not in routines: deleted_routines.append(routine_path) diff --git a/bin/run_cfn_lint.sh b/bin/run_cfn_lint.sh index 92c448eac6..0ce5bfb3f2 100755 --- a/bin/run_cfn_lint.sh +++ b/bin/run_cfn_lint.sh @@ -11,10 +11,12 @@ fi "${VENV}/bin/python" -m pip install cfn-lint --upgrade --quiet # update cfn schema with retry logic (can fail due to network issues) +# --regions us-east-1 avoids a cfn-lint bug where updating all regions causes a +# multiprocessing pickle error. See https://github.com/aws-cloudformation/cfn-lint/issues/4379 MAX_RETRIES=3 RETRY_COUNT=0 while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do - if "${VENV}/bin/cfn-lint" -u; then + if "${VENV}/bin/cfn-lint" -u --regions us-east-1; then echo "Successfully updated cfn-lint schema" break else diff --git a/bin/sam-translate.py b/bin/sam-translate.py index 80903ae8db..3ae9c4a98d 100755 --- a/bin/sam-translate.py +++ b/bin/sam-translate.py @@ -4,6 +4,7 @@ Known limitations: cannot transform CodeUri pointing at local directory. """ + import argparse import json import logging @@ -12,7 +13,6 @@ import sys from functools import reduce from pathlib import Path -from typing import List import boto3 @@ -71,7 +71,7 @@ logging.basicConfig() -def execute_command(command: str, args: List[str]) -> None: +def execute_command(command: str, args: list[str]) -> None: try: aws_cmd = "aws" if platform.system().lower() != "windows" else "aws.cmd" command_with_args = [aws_cmd, "cloudformation", command, *list(args)] diff --git a/bin/transform-test-error-json-format.py b/bin/transform-test-error-json-format.py index 998fa2bf64..1493021ed4 100755 --- a/bin/transform-test-error-json-format.py +++ b/bin/transform-test-error-json-format.py @@ -5,6 +5,7 @@ It makes error json easier to review by breaking down "errorMessage" into list of strings (delimiter: ". "). """ + import sys from pathlib import Path @@ -12,7 +13,7 @@ sys.path.insert(0, str(Path(__file__).absolute().parent.parent)) import json -from typing import Final, Type +from typing import Final from bin._file_formatter import FileFormatter @@ -41,7 +42,7 @@ def format_str(self, input_str: str) -> str: return json.dumps(obj, indent=2, sort_keys=True) + "\n" @staticmethod - def decode_exception() -> Type[Exception]: + def decode_exception() -> type[Exception]: return json.JSONDecodeError @staticmethod diff --git a/bin/yaml-format.py b/bin/yaml-format.py index 4009e4a0e5..c684a2b619 100755 --- a/bin/yaml-format.py +++ b/bin/yaml-format.py @@ -1,5 +1,6 @@ #!/usr/bin/env python """JSON file formatter (without prettier).""" + import sys from pathlib import Path from textwrap import dedent @@ -9,7 +10,7 @@ import re from io import StringIO -from typing import Any, Dict, Type +from typing import Any # We use ruamel.yaml for parsing yaml files because it can preserve comments from ruamel.yaml import YAML @@ -53,7 +54,7 @@ def format_str(self, input_str: str) -> str: return formatted @staticmethod - def _add_test_metadata(obj: Dict[str, Any]) -> None: + def _add_test_metadata(obj: dict[str, Any]) -> None: metadata = obj.get("Metadata", {}) if not metadata: metadata = obj["Metadata"] = {} @@ -63,7 +64,7 @@ def _add_test_metadata(obj: Dict[str, Any]) -> None: metadata["SamTransformTest"] = True @staticmethod - def decode_exception() -> Type[Exception]: + def decode_exception() -> type[Exception]: return YAMLError @staticmethod @@ -75,11 +76,9 @@ def config_additional_args(cls) -> None: cls.arg_parser.add_argument( "--add-test-metadata", action="store_true", - help=dedent( - """\ + help=dedent("""\ Add the testing metadata to yaml file if it doesn't exist: - "Metadata: SamTransformTest: true" """ - ), + "Metadata: SamTransformTest: true" """), ) diff --git a/docs/globals.rst b/docs/globals.rst index ed83e64902..466d684ee7 100644 --- a/docs/globals.rst +++ b/docs/globals.rst @@ -99,6 +99,7 @@ Currently, the following resources and properties are being supported: OpenApiVersion: Domain: SecurityPolicy: + EndpointAccessMode: HttpApi: # Properties of AWS::Serverless::HttpApi diff --git a/integration/combination/test_function_with_cwe_dlq_generated.py b/integration/combination/test_function_with_cwe_dlq_generated.py index 34296e205f..4e5aceba74 100644 --- a/integration/combination/test_function_with_cwe_dlq_generated.py +++ b/integration/combination/test_function_with_cwe_dlq_generated.py @@ -36,7 +36,7 @@ def test_function_with_cwe(self): # checking policy action actions = dlq_policy_statement["Action"] - action_list = actions if isinstance(actions, list) == list else [actions] + action_list = actions if isinstance(actions, list) else [actions] self.assertEqual(len(action_list), 1, "Only one action must be in dead-letter queue policy") self.assertEqual( action_list[0], "sqs:SendMessage", "Action referenced in dead-letter queue policy must be 'sqs:SendMessage'" diff --git a/integration/combination/test_function_with_mq.py b/integration/combination/test_function_with_mq.py index 60012a0a2b..a1e403282a 100644 --- a/integration/combination/test_function_with_mq.py +++ b/integration/combination/test_function_with_mq.py @@ -5,7 +5,7 @@ from integration.config.service_names import MQ from integration.helpers.base_test import BaseTest, nonblocking -from integration.helpers.resource import current_region_does_not_support, generate_suffix +from integration.helpers.resource import current_region_does_not_support @skipIf(current_region_does_not_support([MQ]), "MQ is not supported in this testing region") @@ -16,32 +16,23 @@ def companion_stack_outputs(self, get_companion_stack_outputs): @parameterized.expand( [ - ("combination/function_with_mq", "MQBrokerName", "MQBrokerUserSecretName", "PreCreatedSubnetOne"), - ( - "combination/function_with_mq_using_autogen_role", - "MQBrokerName2", - "MQBrokerUserSecretName2", - "PreCreatedSubnetTwo", - ), + ("combination/function_with_mq",), + ("combination/function_with_mq_using_autogen_role",), ] ) @nonblocking - def test_function_with_mq(self, file_name, mq_broker, mq_secret, subnet_key): + def test_function_with_mq(self, file_name): companion_stack_outputs = self.companion_stack_outputs - parameters = self.get_parameters(companion_stack_outputs, subnet_key) - secret_name = mq_secret + "-" + generate_suffix() - parameters.append(self.generate_parameter(mq_secret, secret_name)) - secret_name = mq_broker + "-" + generate_suffix() - parameters.append(self.generate_parameter(mq_broker, secret_name)) + parameters = [ + self.generate_parameter("PreCreatedMqBrokerArn", companion_stack_outputs["PreCreatedMqBrokerArn"]), + self.generate_parameter( + "PreCreatedMqBrokerSecretArn", companion_stack_outputs["PreCreatedMqBrokerSecretArn"] + ), + ] self.create_and_verify_stack(file_name, parameters) - mq_client = self.client_provider.mq_client - mq_broker_id = self.get_physical_id_by_type("AWS::AmazonMQ::Broker") - broker_summary = get_broker_summary(mq_broker_id, mq_client) - - self.assertEqual(len(broker_summary), 1, "One MQ cluster should be present") - mq_broker_arn = broker_summary[0]["BrokerArn"] + mq_broker_arn = companion_stack_outputs["PreCreatedMqBrokerArn"] lambda_client = self.client_provider.lambda_client function_name = self.get_physical_id_by_type("AWS::Lambda::Function") @@ -54,15 +45,3 @@ def test_function_with_mq(self, file_name, mq_broker, mq_secret, subnet_key): self.assertEqual(event_source_mapping_function_arn, lambda_function_arn) self.assertEqual(event_source_mapping_mq_broker_arn, mq_broker_arn) - - def get_parameters(self, dictionary, subnet_key): - parameters = [] - parameters.append(self.generate_parameter("PreCreatedVpc", dictionary["PreCreatedVpc"])) - parameters.append(self.generate_parameter(subnet_key, dictionary[subnet_key])) - parameters.append(self.generate_parameter("PreCreatedInternetGateway", dictionary["PreCreatedInternetGateway"])) - return parameters - - -def get_broker_summary(mq_broker_id, mq_client): - broker_summaries = mq_client.list_brokers()["BrokerSummaries"] - return [broker_summary for broker_summary in broker_summaries if broker_summary["BrokerId"] == mq_broker_id] diff --git a/integration/combination/test_function_with_msk.py b/integration/combination/test_function_with_msk.py index 9adb00c6d4..acc6f0a4c9 100644 --- a/integration/combination/test_function_with_msk.py +++ b/integration/combination/test_function_with_msk.py @@ -4,13 +4,9 @@ from integration.config.service_names import MSK from integration.helpers.base_test import BaseTest, nonblocking -from integration.helpers.resource import current_region_does_not_support, generate_suffix +from integration.helpers.resource import current_region_does_not_support -# Mark this test suite as nonblocking tests since MSK Cluster creation can take -# up to 30 minutes according to https://docs.aws.amazon.com/msk/latest/developerguide/troubleshooting.html#troubleshooting-cluster-stuck -# This would cause the test to fail due to MSK Cluster did not stablize. -# We should investigate any other cause of failures. @skipIf(current_region_does_not_support([MSK]), "MSK is not supported in this testing region") @nonblocking class TestFunctionWithMsk(BaseTest): @@ -19,38 +15,25 @@ def companion_stack_outputs(self, get_companion_stack_outputs): self.companion_stack_outputs = get_companion_stack_outputs def test_function_with_msk_trigger(self): - companion_stack_outputs = self.companion_stack_outputs - parameters = self.get_parameters(companion_stack_outputs) - cluster_name = "MskCluster-" + generate_suffix() - parameters.append(self.generate_parameter("MskClusterName", cluster_name)) + parameters = self.get_parameters() self._common_validations_for_MSK("combination/function_with_msk", parameters) def test_function_with_msk_trigger_using_manage_policy(self): - companion_stack_outputs = self.companion_stack_outputs - parameters = self.get_parameters(companion_stack_outputs) - cluster_name = "MskCluster2-" + generate_suffix() - parameters.append(self.generate_parameter("MskClusterName2", cluster_name)) + parameters = self.get_parameters() self._common_validations_for_MSK("combination/function_with_msk_using_managed_policy", parameters) def test_function_with_msk_trigger_and_s3_onfailure_events_destinations(self): - companion_stack_outputs = self.companion_stack_outputs - parameters = self.get_parameters(companion_stack_outputs) - cluster_name = "MskCluster3-" + generate_suffix() - parameters.append(self.generate_parameter("MskClusterName3", cluster_name)) + parameters = self.get_parameters() self._common_validations_for_MSK( "combination/function_with_msk_trigger_and_s3_onfailure_events_destinations", parameters ) def test_function_with_msk_trigger_and_premium_features(self): - companion_stack_outputs = self.companion_stack_outputs - parameters = self.get_parameters(companion_stack_outputs) - cluster_name = "MskCluster4-" + generate_suffix() - parameters.append(self.generate_parameter("MskClusterName4", cluster_name)) + parameters = self.get_parameters() self._common_validations_for_MSK("combination/function_with_msk_trigger_and_premium_features", parameters) event_source_mapping_result = self._common_validations_for_MSK( "combination/function_with_msk_trigger_and_confluent_schema_registry", parameters ) - # Verify error handling properties are correctly set self.assertTrue(event_source_mapping_result.get("BisectBatchOnFunctionError")) self.assertEqual(event_source_mapping_result.get("MaximumRecordAgeInSeconds"), 3600) self.assertEqual(event_source_mapping_result.get("MaximumRetryAttempts"), 3) @@ -59,15 +42,8 @@ def test_function_with_msk_trigger_and_premium_features(self): def _common_validations_for_MSK(self, file_name, parameters): self.create_and_verify_stack(file_name, parameters) - kafka_client = self.client_provider.kafka_client + msk_cluster_arn = self.companion_stack_outputs["PreCreatedMskClusterArn"] - msk_cluster_id = self.get_physical_id_by_type("AWS::MSK::Cluster") - cluster_info_list = kafka_client.list_clusters()["ClusterInfoList"] - cluster_info = [x for x in cluster_info_list if x["ClusterArn"] == msk_cluster_id] - - self.assertEqual(len(cluster_info), 1, "One MSK cluster should be present") - - msk_cluster_arn = cluster_info[0]["ClusterArn"] lambda_client = self.client_provider.lambda_client function_name = self.get_physical_id_by_type("AWS::Lambda::Function") lambda_function_arn = lambda_client.get_function_configuration(FunctionName=function_name)["FunctionArn"] @@ -82,8 +58,7 @@ def _common_validations_for_MSK(self, file_name, parameters): self.assertEqual(event_source_mapping_kafka_cluster_arn, msk_cluster_arn) return event_source_mapping_result - def get_parameters(self, dictionary): - parameters = [] - parameters.append(self.generate_parameter("PreCreatedSubnetOne", dictionary["PreCreatedSubnetOne"])) - parameters.append(self.generate_parameter("PreCreatedSubnetTwo", dictionary["PreCreatedSubnetTwo"])) - return parameters + def get_parameters(self): + return [ + self.generate_parameter("PreCreatedMskClusterArn", self.companion_stack_outputs["PreCreatedMskClusterArn"]), + ] diff --git a/integration/config/service_names.py b/integration/config/service_names.py index 7177d4436a..6f975d8463 100644 --- a/integration/config/service_names.py +++ b/integration/config/service_names.py @@ -39,3 +39,4 @@ SNS_FILTER_POLICY_SCOPE = "SnsFilterPolicyScope" LOGS = "Logs" EVENT_RULE_WITH_EVENT_BUS = "EventRuleWithEventBus" +SECURITY_POLICY_REST_API = "RestApiTlsPolicy" diff --git a/integration/conftest.py b/integration/conftest.py index f0058b630f..589b6ca04a 100644 --- a/integration/conftest.py +++ b/integration/conftest.py @@ -1,4 +1,5 @@ import logging +import os from pathlib import Path import boto3 @@ -6,6 +7,7 @@ import pytest from botocore.exceptions import ClientError +from integration.config.service_names import MQ, MSK from integration.helpers.base_test import S3_BUCKET_PREFIX from integration.helpers.client_provider import ClientProvider from integration.helpers.deployer.exceptions.exceptions import S3DoesNotExistException, ThrottlingError @@ -20,7 +22,7 @@ LOG = logging.getLogger(__name__) -COMPANION_STACK_NAME = "sam-integ-stack-companion" +COMPANION_STACK_NAME = os.environ.get("COMPANION_STACK_NAME", "sam-integ-stack-companion") COMPANION_STACK_TEMPLATE = "companion-stack.yaml" SAR_APP_TEMPLATE = "example-sar-app.yaml" SAR_APP_NAME = "sam-integration-test-sar-app" @@ -62,6 +64,9 @@ def clean_all_integ_buckets(): @pytest.fixture() def setup_companion_stack_once(tmpdir_factory, get_prefix): + # When COMPANION_STACK_NAME is set via env var, the stack is pre-created by the test platform + if os.environ.get("COMPANION_STACK_NAME"): + return tests_integ_dir = Path(__file__).resolve().parents[1] template_folder = Path(tests_integ_dir, "integration", "setup") companion_stack_template_path = Path(template_folder, COMPANION_STACK_TEMPLATE) @@ -69,7 +74,19 @@ def setup_companion_stack_once(tmpdir_factory, get_prefix): output_dir = tmpdir_factory.mktemp("data") stack_name = get_prefix + COMPANION_STACK_NAME companion_stack = Stack(stack_name, companion_stack_template_path, cfn_client, output_dir) - companion_stack.create_or_update(_stack_exists(stack_name)) + parameters = _companion_stack_parameters() + companion_stack.create_or_update(_stack_exists(stack_name), parameters) + + +def _companion_stack_parameters(): + """Return companion stack parameters, disabling MSK/MQ in unsupported regions.""" + + params = [] + if current_region_does_not_support([MSK]): + params.append({"ParameterKey": "CreateMskCluster", "ParameterValue": "false"}) + if current_region_does_not_support([MQ]): + params.append({"ParameterKey": "CreateMqBroker", "ParameterValue": "false"}) + return params @pytest.fixture() @@ -155,6 +172,8 @@ def get_s3_uri(file_name, uri_type, bucket, region): @pytest.fixture() def delete_companion_stack_once(get_prefix): + if os.environ.get("COMPANION_STACK_NAME"): + return if not get_prefix: ClientProvider().cfn_client.delete_stack(StackName=COMPANION_STACK_NAME) @@ -179,7 +198,11 @@ def get_stack_outputs(stack_description): @pytest.fixture() def get_companion_stack_outputs(get_prefix): - companion_stack_description = get_stack_description(get_prefix + COMPANION_STACK_NAME) + if os.environ.get("COMPANION_STACK_NAME"): + stack_name = COMPANION_STACK_NAME + else: + stack_name = get_prefix + COMPANION_STACK_NAME + companion_stack_description = get_stack_description(stack_name) return get_stack_outputs(companion_stack_description) diff --git a/integration/helpers/base_test.py b/integration/helpers/base_test.py index 57b8c28709..720a8a25a0 100644 --- a/integration/helpers/base_test.py +++ b/integration/helpers/base_test.py @@ -93,7 +93,7 @@ def setUpClass(cls): cls.tests_integ_dir = Path(__file__).resolve().parents[1] cls.resources_dir = Path(cls.tests_integ_dir, "resources") cls.template_dir = Path(cls.resources_dir, "templates") - cls.output_dir = Path(cls.tests_integ_dir, "tmp" + "-" + generate_suffix()) + cls.output_dir = Path("/tmp", "tmp-" + generate_suffix()) cls.expected_dir = Path(cls.resources_dir, "expected") cls.code_dir = Path(cls.resources_dir, "code") cls.session = boto3.session.Session() diff --git a/integration/helpers/deployer/deployer.py b/integration/helpers/deployer/deployer.py index 65bb73595d..89b3c51850 100644 --- a/integration/helpers/deployer/deployer.py +++ b/integration/helpers/deployer/deployer.py @@ -116,7 +116,7 @@ def create_changeset( :return: """ - if type == "UPDATE": + if changeset_type == "UPDATE": # UsePreviousValue not valid if parameter is new summary = self._client.get_template_summary(StackName=stack_name) existing_parameters = [parameter["ParameterKey"] for parameter in summary["Parameters"]] @@ -271,10 +271,8 @@ def wait_for_changeset(self, changeset_id, stack_name): reason = resp.get("StatusReason", "") if ( - status == "FAILED" - and "The submitted information didn't contain changes." in reason - or "No updates are to be performed" in reason - ): + status == "FAILED" and "The submitted information didn't contain changes." in reason + ) or "No updates are to be performed" in reason: raise deploy_exceptions.ChangeEmptyError(stack_name=stack_name) raise deploy_exceptions.ChangeSetError( diff --git a/integration/helpers/deployer/utils/colors.py b/integration/helpers/deployer/utils/colors.py index e97e395b3a..421a16ff65 100644 --- a/integration/helpers/deployer/utils/colors.py +++ b/integration/helpers/deployer/utils/colors.py @@ -3,7 +3,7 @@ This was ported over from the sam-cli repo """ -from typing import Dict, Literal +from typing import Literal SupportedColor = Literal["red", "green", "yellow"] @@ -21,8 +21,8 @@ def cprint(text: str, color: SupportedColor) -> None: class DeployColor: def __init__(self): - self.changeset_color_map: Dict[str, SupportedColor] = {"Add": "green", "Modify": "yellow", "Remove": "red"} - self.status_color_map: Dict[str, SupportedColor] = { + self.changeset_color_map: dict[str, SupportedColor] = {"Add": "green", "Modify": "yellow", "Remove": "red"} + self.status_color_map: dict[str, SupportedColor] = { "CREATE_COMPLETE": "green", "CREATE_FAILED": "red", "CREATE_IN_PROGRESS": "yellow", diff --git a/integration/helpers/resource.py b/integration/helpers/resource.py index 604f317663..d1d4d52141 100644 --- a/integration/helpers/resource.py +++ b/integration/helpers/resource.py @@ -2,8 +2,9 @@ import random import re import string +from collections.abc import Callable, Iterator from pathlib import Path -from typing import Any, Callable, Dict, Iterator, Set +from typing import Any import boto3 from botocore.exceptions import NoRegionError @@ -144,10 +145,16 @@ def _get_region(): return region +_TMP_CONFIG_DIR = Path("/tmp/integration/config") + + def read_test_config_file(filename): """Reads test config file and returns the contents""" tests_integ_dir = Path(__file__).resolve().parents[1] test_config_file_path = Path(tests_integ_dir, "config", filename) + tmp_path = Path(_TMP_CONFIG_DIR, filename) + if not test_config_file_path.is_file() and tmp_path.is_file(): + test_config_file_path = tmp_path if not test_config_file_path.is_file(): return {} test_config = load_yaml(str(test_config_file_path)) @@ -155,10 +162,9 @@ def read_test_config_file(filename): def write_test_config_file_to_json(filename, input): - """Reads test config file and returns the contents""" - tests_integ_dir = Path(__file__).resolve().parents[1] - test_config_file_path = Path(tests_integ_dir, "config", filename) - with open(test_config_file_path, "w") as f: + """Writes test config file as JSON to /tmp for portability across environments.""" + _TMP_CONFIG_DIR.mkdir(parents=True, exist_ok=True) + with open(Path(_TMP_CONFIG_DIR, filename), "w") as f: json.dump(input, f) @@ -187,7 +193,7 @@ def current_region_does_not_support(services): return bool(set(services).intersection(set(region_exclude_services["regions"][region]))) -def _resource_using_inline_statemachine_definition(resource: Dict[str, Any]) -> bool: +def _resource_using_inline_statemachine_definition(resource: dict[str, Any]) -> bool: resource_type = resource.get("Type") properties = resource.get("Properties", {}) if resource_type == "AWS::StepFunctions::StateMachine" and properties.get("DefinitionString"): @@ -197,23 +203,23 @@ def _resource_using_inline_statemachine_definition(resource: Dict[str, Any]) -> return False -def _resource_using_s3_events(resource: Dict[str, Any]) -> bool: +def _resource_using_s3_events(resource: dict[str, Any]) -> bool: resource_type = resource.get("Type") properties = resource.get("Properties", {}) return resource_type == "AWS::S3::Bucket" and properties.get("NotificationConfiguration") -def _get_all_event_sources(template_dict: Dict[str, Any]) -> Iterator[Dict[str, Any]]: +def _get_all_event_sources(template_dict: dict[str, Any]) -> Iterator[dict[str, Any]]: resources = template_dict.get("Resources", {}).values() for resource in resources: yield from resource.get("Properties", {}).get("Events", {}).values() -def _event_using_sns_filter_policy_scope(event: Dict[str, Any]) -> bool: +def _event_using_sns_filter_policy_scope(event: dict[str, Any]) -> bool: return event["Type"] == "SNS" and "FilterPolicyScope" in event.get("Properties", {}) -SERVICE_DETECTORS: Dict[str, Callable[[Dict[str, Any], Set[str]], bool]] = { +SERVICE_DETECTORS: dict[str, Callable[[dict[str, Any], set[str]], bool]] = { HTTP_API: lambda template_dict, cfn_resource_types: "AWS::ApiGatewayV2::Api" in cfn_resource_types, REST_API: lambda template_dict, cfn_resource_types: "AWS::ApiGateway::RestApi" in cfn_resource_types, SQS: lambda template_dict, cfn_resource_types: "AWS::SQS::Queue" in cfn_resource_types, @@ -234,7 +240,7 @@ def _event_using_sns_filter_policy_scope(event: Dict[str, Any]) -> bool: } -def detect_services(template_dict: Dict[str, Any], cfn_resource_types: Set[str]): +def detect_services(template_dict: dict[str, Any], cfn_resource_types: set[str]): """ Detect which services are used in the template. diff --git a/integration/helpers/stack.py b/integration/helpers/stack.py index 7f787aaa09..8f10c0e157 100644 --- a/integration/helpers/stack.py +++ b/integration/helpers/stack.py @@ -19,10 +19,10 @@ def __init__(self, stack_name, template_path, cfn_client, output_dir): self.stack_description = None self.stack_resources = None - def create_or_update(self, update): + def create_or_update(self, update, parameters=None): output_template_path = self._generate_output_file_path(self.template_path, self.output_dir) transform_template(self.template_path, output_template_path) - self._deploy_stack(output_template_path, update) + self._deploy_stack(output_template_path, update, parameters) def delete(self): self.cfn_client.delete_stack(StackName=self.stack_name) diff --git a/integration/resources/expected/combination/function_with_mq.json b/integration/resources/expected/combination/function_with_mq.json index 400d440d88..ec31755c2d 100644 --- a/integration/resources/expected/combination/function_with_mq.json +++ b/integration/resources/expected/combination/function_with_mq.json @@ -7,32 +7,8 @@ "LogicalResourceId": "MyLambdaExecutionRole", "ResourceType": "AWS::IAM::Role" }, - { - "LogicalResourceId": "PublicSubnetRouteTableAssociation", - "ResourceType": "AWS::EC2::SubnetRouteTableAssociation" - }, - { - "LogicalResourceId": "MQSecurityGroup", - "ResourceType": "AWS::EC2::SecurityGroup" - }, - { - "LogicalResourceId": "MyMqBroker", - "ResourceType": "AWS::AmazonMQ::Broker" - }, - { - "LogicalResourceId": "RouteTable", - "ResourceType": "AWS::EC2::RouteTable" - }, - { - "LogicalResourceId": "MQBrokerUserSecret", - "ResourceType": "AWS::SecretsManager::Secret" - }, { "LogicalResourceId": "MyLambdaFunctionMyMqEvent", "ResourceType": "AWS::Lambda::EventSourceMapping" - }, - { - "LogicalResourceId": "Route", - "ResourceType": "AWS::EC2::Route" } ] diff --git a/integration/resources/expected/combination/function_with_mq_using_autogen_role.json b/integration/resources/expected/combination/function_with_mq_using_autogen_role.json index 3bad715007..efa36687ff 100644 --- a/integration/resources/expected/combination/function_with_mq_using_autogen_role.json +++ b/integration/resources/expected/combination/function_with_mq_using_autogen_role.json @@ -7,32 +7,8 @@ "LogicalResourceId": "MyLambdaFunctionRole", "ResourceType": "AWS::IAM::Role" }, - { - "LogicalResourceId": "PublicSubnetRouteTableAssociation", - "ResourceType": "AWS::EC2::SubnetRouteTableAssociation" - }, - { - "LogicalResourceId": "MQSecurityGroup", - "ResourceType": "AWS::EC2::SecurityGroup" - }, - { - "LogicalResourceId": "MyMqBroker", - "ResourceType": "AWS::AmazonMQ::Broker" - }, - { - "LogicalResourceId": "RouteTable", - "ResourceType": "AWS::EC2::RouteTable" - }, - { - "LogicalResourceId": "MQBrokerUserSecret", - "ResourceType": "AWS::SecretsManager::Secret" - }, { "LogicalResourceId": "MyLambdaFunctionMyMqEvent", "ResourceType": "AWS::Lambda::EventSourceMapping" - }, - { - "LogicalResourceId": "Route", - "ResourceType": "AWS::EC2::Route" } ] diff --git a/integration/resources/expected/combination/function_with_msk.json b/integration/resources/expected/combination/function_with_msk.json index c0b6d8162f..22cb89b5db 100644 --- a/integration/resources/expected/combination/function_with_msk.json +++ b/integration/resources/expected/combination/function_with_msk.json @@ -7,10 +7,6 @@ "LogicalResourceId": "MyLambdaExecutionRole", "ResourceType": "AWS::IAM::Role" }, - { - "LogicalResourceId": "MyMskCluster", - "ResourceType": "AWS::MSK::Cluster" - }, { "LogicalResourceId": "MyMskStreamProcessorMyMskEvent", "ResourceType": "AWS::Lambda::EventSourceMapping" diff --git a/integration/resources/expected/combination/function_with_msk_trigger_and_premium_features.json b/integration/resources/expected/combination/function_with_msk_trigger_and_premium_features.json index e45f42ea51..073a366d70 100644 --- a/integration/resources/expected/combination/function_with_msk_trigger_and_premium_features.json +++ b/integration/resources/expected/combination/function_with_msk_trigger_and_premium_features.json @@ -7,10 +7,6 @@ "LogicalResourceId": "MyLambdaExecutionRole", "ResourceType": "AWS::IAM::Role" }, - { - "LogicalResourceId": "MyMskCluster", - "ResourceType": "AWS::MSK::Cluster" - }, { "LogicalResourceId": "MyMskStreamProcessorMyMskEvent", "ResourceType": "AWS::Lambda::EventSourceMapping" diff --git a/integration/resources/expected/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.json b/integration/resources/expected/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.json index e45f42ea51..073a366d70 100644 --- a/integration/resources/expected/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.json +++ b/integration/resources/expected/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.json @@ -7,10 +7,6 @@ "LogicalResourceId": "MyLambdaExecutionRole", "ResourceType": "AWS::IAM::Role" }, - { - "LogicalResourceId": "MyMskCluster", - "ResourceType": "AWS::MSK::Cluster" - }, { "LogicalResourceId": "MyMskStreamProcessorMyMskEvent", "ResourceType": "AWS::Lambda::EventSourceMapping" diff --git a/integration/resources/expected/combination/function_with_msk_using_managed_policy.json b/integration/resources/expected/combination/function_with_msk_using_managed_policy.json index a17f16c863..6a888febbf 100644 --- a/integration/resources/expected/combination/function_with_msk_using_managed_policy.json +++ b/integration/resources/expected/combination/function_with_msk_using_managed_policy.json @@ -7,10 +7,6 @@ "LogicalResourceId": "MyMskStreamProcessorRole", "ResourceType": "AWS::IAM::Role" }, - { - "LogicalResourceId": "MyMskCluster", - "ResourceType": "AWS::MSK::Cluster" - }, { "LogicalResourceId": "MyMskStreamProcessorMyMskEvent", "ResourceType": "AWS::Lambda::EventSourceMapping" diff --git a/integration/resources/expected/single/api_with_custom_domain_security_policy_edge.json b/integration/resources/expected/single/api_with_custom_domain_security_policy_edge.json new file mode 100644 index 0000000000..d45f763995 --- /dev/null +++ b/integration/resources/expected/single/api_with_custom_domain_security_policy_edge.json @@ -0,0 +1,26 @@ +[ + { + "LogicalResourceId": "MyApi", + "ResourceType": "AWS::ApiGateway::RestApi" + }, + { + "LogicalResourceId": "MyApiDeployment", + "ResourceType": "AWS::ApiGateway::Deployment" + }, + { + "LogicalResourceId": "MyApiProdStage", + "ResourceType": "AWS::ApiGateway::Stage" + }, + { + "LogicalResourceId": "ApiGatewayDomainName", + "ResourceType": "AWS::ApiGateway::DomainName" + }, + { + "LogicalResourceId": "MyApiBasePathMapping", + "ResourceType": "AWS::ApiGateway::BasePathMapping" + }, + { + "LogicalResourceId": "RecordSetGroup", + "ResourceType": "AWS::Route53::RecordSetGroup" + } +] diff --git a/integration/resources/expected/single/api_with_custom_domain_security_policy_regional.json b/integration/resources/expected/single/api_with_custom_domain_security_policy_regional.json new file mode 100644 index 0000000000..d45f763995 --- /dev/null +++ b/integration/resources/expected/single/api_with_custom_domain_security_policy_regional.json @@ -0,0 +1,26 @@ +[ + { + "LogicalResourceId": "MyApi", + "ResourceType": "AWS::ApiGateway::RestApi" + }, + { + "LogicalResourceId": "MyApiDeployment", + "ResourceType": "AWS::ApiGateway::Deployment" + }, + { + "LogicalResourceId": "MyApiProdStage", + "ResourceType": "AWS::ApiGateway::Stage" + }, + { + "LogicalResourceId": "ApiGatewayDomainName", + "ResourceType": "AWS::ApiGateway::DomainName" + }, + { + "LogicalResourceId": "MyApiBasePathMapping", + "ResourceType": "AWS::ApiGateway::BasePathMapping" + }, + { + "LogicalResourceId": "RecordSetGroup", + "ResourceType": "AWS::Route53::RecordSetGroup" + } +] diff --git a/integration/resources/expected/single/api_with_endpoint_access_mode.json b/integration/resources/expected/single/api_with_endpoint_access_mode.json new file mode 100644 index 0000000000..30b334c234 --- /dev/null +++ b/integration/resources/expected/single/api_with_endpoint_access_mode.json @@ -0,0 +1,14 @@ +[ + { + "LogicalResourceId": "MyApi", + "ResourceType": "AWS::ApiGateway::RestApi" + }, + { + "LogicalResourceId": "MyApiDeployment", + "ResourceType": "AWS::ApiGateway::Deployment" + }, + { + "LogicalResourceId": "MyApiProdStage", + "ResourceType": "AWS::ApiGateway::Stage" + } +] diff --git a/integration/resources/templates/combination/function_with_mq.yaml b/integration/resources/templates/combination/function_with_mq.yaml index d9bc1e9898..9eced3ef94 100644 --- a/integration/resources/templates/combination/function_with_mq.yaml +++ b/integration/resources/templates/combination/function_with_mq.yaml @@ -1,83 +1,10 @@ Parameters: - MQBrokerUser: - Description: The user to access the Amazon MQ broker. + PreCreatedMqBrokerArn: Type: String - Default: testBrokerUser - MinLength: 2 - ConstraintDescription: The Amazon MQ broker user is required ! - MQBrokerPassword: - Description: The password to access the Amazon MQ broker. Min 12 characters + PreCreatedMqBrokerSecretArn: Type: String - Default: testBrokerPassword - MinLength: 12 - ConstraintDescription: The Amazon MQ broker password is required ! - NoEcho: true - PreCreatedVpc: - Type: String - PreCreatedSubnetOne: - Type: String - MQBrokerUserSecretName: - Type: String - PreCreatedInternetGateway: - Type: String - MQBrokerName: - Description: The name of MQ Broker - Type: String - Default: TestMQBroker Resources: - RouteTable: - Type: AWS::EC2::RouteTable - Properties: - VpcId: - Ref: PreCreatedVpc - - Route: - Type: AWS::EC2::Route - Properties: - RouteTableId: - Ref: RouteTable - DestinationCidrBlock: 0.0.0.0/0 - GatewayId: - Ref: PreCreatedInternetGateway - - PublicSubnetRouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - SubnetId: - Ref: PreCreatedSubnetOne - RouteTableId: - Ref: RouteTable - - MQSecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - GroupDescription: Limits security group ingress and egress traffic for the Amazon - MQ instance - VpcId: - Ref: PreCreatedVpc - SecurityGroupIngress: - - IpProtocol: tcp - FromPort: 8162 - ToPort: 8162 - CidrIp: 10.0.0.0/16 - - IpProtocol: tcp - FromPort: 61617 - ToPort: 61617 - CidrIp: 10.0.0.0/16 - - IpProtocol: tcp - FromPort: 5671 - ToPort: 5671 - CidrIp: 10.0.0.0/16 - - IpProtocol: tcp - FromPort: 61614 - ToPort: 61614 - CidrIp: 10.0.0.0/16 - - IpProtocol: tcp - FromPort: 8883 - ToPort: 8883 - CidrIp: 10.0.0.0/16 - MyLambdaExecutionRole: Type: AWS::IAM::Role Properties: @@ -106,62 +33,22 @@ Resources: Tags: - {Value: SAM, Key: lambda:createdBy} - MyMqBroker: - Properties: - BrokerName: - Ref: MQBrokerName - DeploymentMode: SINGLE_INSTANCE - EngineType: ACTIVEMQ - EngineVersion: 5.18 - HostInstanceType: mq.t3.micro - Logs: - Audit: true - General: true - PubliclyAccessible: true - AutoMinorVersionUpgrade: true - SecurityGroups: - - Ref: MQSecurityGroup - SubnetIds: - - Ref: PreCreatedSubnetOne - Users: - - ConsoleAccess: true - Groups: - - admin - Username: - Ref: MQBrokerUser - Password: - Ref: MQBrokerPassword - Type: AWS::AmazonMQ::Broker - DependsOn: MyLambdaExecutionRole - MyLambdaFunction: Type: AWS::Serverless::Function Properties: Runtime: nodejs18.x Handler: index.handler CodeUri: ${codeuri} - Role: - Fn::GetAtt: [MyLambdaExecutionRole, Arn] + Role: !GetAtt MyLambdaExecutionRole.Arn Events: MyMqEvent: Type: MQ Properties: - Broker: - Fn::GetAtt: MyMqBroker.Arn - Queues: - - TestQueue + Broker: !Ref PreCreatedMqBrokerArn + Queues: [TestQueue] SourceAccessConfigurations: - Type: BASIC_AUTH - URI: - Ref: MQBrokerUserSecret + URI: !Ref PreCreatedMqBrokerSecretArn - MQBrokerUserSecret: - Type: AWS::SecretsManager::Secret - Properties: - Name: - Ref: MQBrokerUserSecretName - SecretString: - Fn::Sub: '{"username":"${MQBrokerUser}","password":"${MQBrokerPassword}"}' - Description: SecretsManager Secret for broker user and password Metadata: SamTransformTest: true diff --git a/integration/resources/templates/combination/function_with_mq_using_autogen_role.yaml b/integration/resources/templates/combination/function_with_mq_using_autogen_role.yaml index 394578465e..78f209d46f 100644 --- a/integration/resources/templates/combination/function_with_mq_using_autogen_role.yaml +++ b/integration/resources/templates/combination/function_with_mq_using_autogen_role.yaml @@ -1,110 +1,10 @@ Parameters: - MQBrokerUser: - Description: The user to access the Amazon MQ broker. + PreCreatedMqBrokerArn: Type: String - Default: testBrokerUser - MinLength: 2 - ConstraintDescription: The Amazon MQ broker user is required ! - MQBrokerPassword: - Description: The password to access the Amazon MQ broker. Min 12 characters + PreCreatedMqBrokerSecretArn: Type: String - Default: testBrokerPassword - MinLength: 12 - ConstraintDescription: The Amazon MQ broker password is required ! - NoEcho: true - PreCreatedVpc: - Type: String - PreCreatedSubnetTwo: - Type: String - MQBrokerUserSecretName2: - Type: String - PreCreatedInternetGateway: - Type: String - MQBrokerName2: - Description: The name of MQ Broker - Type: String - Default: TestMQBroker2 Resources: - RouteTable: - Type: AWS::EC2::RouteTable - Properties: - VpcId: - Ref: PreCreatedVpc - - Route: - Type: AWS::EC2::Route - Properties: - RouteTableId: - Ref: RouteTable - DestinationCidrBlock: 0.0.0.0/0 - GatewayId: - Ref: PreCreatedInternetGateway - - PublicSubnetRouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - SubnetId: - Ref: PreCreatedSubnetTwo - RouteTableId: - Ref: RouteTable - - MQSecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - GroupDescription: Limits security group ingress and egress traffic for the Amazon - MQ instance - VpcId: - Ref: PreCreatedVpc - SecurityGroupIngress: - - IpProtocol: tcp - FromPort: 8162 - ToPort: 8162 - CidrIp: 10.0.0.0/16 - - IpProtocol: tcp - FromPort: 61617 - ToPort: 61617 - CidrIp: 10.0.0.0/16 - - IpProtocol: tcp - FromPort: 5671 - ToPort: 5671 - CidrIp: 10.0.0.0/16 - - IpProtocol: tcp - FromPort: 61614 - ToPort: 61614 - CidrIp: 10.0.0.0/16 - - IpProtocol: tcp - FromPort: 8883 - ToPort: 8883 - CidrIp: 10.0.0.0/16 - - MyMqBroker: - Properties: - BrokerName: - Ref: MQBrokerName2 - DeploymentMode: SINGLE_INSTANCE - EngineType: ACTIVEMQ - EngineVersion: 5.18 - HostInstanceType: mq.t3.micro - Logs: - Audit: true - General: true - PubliclyAccessible: true - AutoMinorVersionUpgrade: true - SecurityGroups: - - Ref: MQSecurityGroup - SubnetIds: - - Ref: PreCreatedSubnetTwo - Users: - - ConsoleAccess: true - Groups: - - admin - Username: - Ref: MQBrokerUser - Password: - Ref: MQBrokerPassword - Type: AWS::AmazonMQ::Broker - MyLambdaFunction: Type: AWS::Serverless::Function Properties: @@ -115,22 +15,11 @@ Resources: MyMqEvent: Type: MQ Properties: - Broker: - Fn::GetAtt: MyMqBroker.Arn - Queues: - - TestQueue + Broker: !Ref PreCreatedMqBrokerArn + Queues: [TestQueue] SourceAccessConfigurations: - Type: BASIC_AUTH - URI: - Ref: MQBrokerUserSecret + URI: !Ref PreCreatedMqBrokerSecretArn - MQBrokerUserSecret: - Type: AWS::SecretsManager::Secret - Properties: - Name: - Ref: MQBrokerUserSecretName2 - SecretString: - Fn::Sub: '{"username":"${MQBrokerUser}","password":"${MQBrokerPassword}"}' - Description: SecretsManager Secret for broker user and password Metadata: SamTransformTest: true diff --git a/integration/resources/templates/combination/function_with_msk.yaml b/integration/resources/templates/combination/function_with_msk.yaml index 91f3a0992d..69ff354a7a 100644 --- a/integration/resources/templates/combination/function_with_msk.yaml +++ b/integration/resources/templates/combination/function_with_msk.yaml @@ -1,9 +1,5 @@ Parameters: - PreCreatedSubnetOne: - Type: String - PreCreatedSubnetTwo: - Type: String - MskClusterName: + PreCreatedMskClusterArn: Type: String Resources: @@ -32,22 +28,6 @@ Resources: Tags: - {Value: SAM, Key: lambda:createdBy} - MyMskCluster: - Type: AWS::MSK::Cluster - Properties: - BrokerNodeGroupInfo: - ClientSubnets: - - Ref: PreCreatedSubnetOne - - Ref: PreCreatedSubnetTwo - InstanceType: kafka.t3.small - StorageInfo: - EBSStorageInfo: - VolumeSize: 1 - ClusterName: - Ref: MskClusterName - KafkaVersion: 3.8.x - NumberOfBrokerNodes: 2 - MyMskStreamProcessor: Type: AWS::Serverless::Function Properties: @@ -63,7 +43,7 @@ Resources: Enabled: false StartingPosition: LATEST Stream: - Ref: MyMskCluster + Ref: PreCreatedMskClusterArn Topics: - MyDummyTestTopic diff --git a/integration/resources/templates/combination/function_with_msk_trigger_and_premium_features.yaml b/integration/resources/templates/combination/function_with_msk_trigger_and_premium_features.yaml index 90de1dbd90..f6037b65c7 100644 --- a/integration/resources/templates/combination/function_with_msk_trigger_and_premium_features.yaml +++ b/integration/resources/templates/combination/function_with_msk_trigger_and_premium_features.yaml @@ -1,9 +1,5 @@ Parameters: - PreCreatedSubnetOne: - Type: String - PreCreatedSubnetTwo: - Type: String - MskClusterName4: + PreCreatedMskClusterArn: Type: String Resources: @@ -32,22 +28,6 @@ Resources: Tags: - {Value: SAM, Key: lambda:createdBy} - MyMskCluster: - Type: AWS::MSK::Cluster - Properties: - BrokerNodeGroupInfo: - ClientSubnets: - - Ref: PreCreatedSubnetOne - - Ref: PreCreatedSubnetTwo - InstanceType: kafka.t3.small - StorageInfo: - EBSStorageInfo: - VolumeSize: 1 - ClusterName: - Ref: MskClusterName4 - KafkaVersion: 3.8.x - NumberOfBrokerNodes: 2 - MyMskStreamProcessor: Type: AWS::Serverless::Function Properties: @@ -63,7 +43,7 @@ Resources: Enabled: false StartingPosition: LATEST Stream: - Ref: MyMskCluster + Ref: PreCreatedMskClusterArn Topics: - SchemaRegistryTestTopic DestinationConfig: @@ -86,8 +66,6 @@ Resources: EventRecordFormat: JSON SchemaRegistryURI: https://confluent.us-east-2.aws.confluent.cloud:9092 - - PreCreatedS3Bucket: Type: AWS::S3::Bucket DeletionPolicy: Delete diff --git a/integration/resources/templates/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.yaml b/integration/resources/templates/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.yaml index 6e79110756..e2c67649fb 100644 --- a/integration/resources/templates/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.yaml +++ b/integration/resources/templates/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.yaml @@ -1,9 +1,5 @@ Parameters: - PreCreatedSubnetOne: - Type: String - PreCreatedSubnetTwo: - Type: String - MskClusterName3: + PreCreatedMskClusterArn: Type: String Resources: @@ -37,22 +33,6 @@ Resources: Tags: - {Value: SAM, Key: lambda:createdBy} - MyMskCluster: - Type: AWS::MSK::Cluster - Properties: - BrokerNodeGroupInfo: - ClientSubnets: - - Ref: PreCreatedSubnetOne - - Ref: PreCreatedSubnetTwo - InstanceType: kafka.t3.small - StorageInfo: - EBSStorageInfo: - VolumeSize: 1 - ClusterName: - Ref: MskClusterName3 - KafkaVersion: 3.8.x - NumberOfBrokerNodes: 2 - MyMskStreamProcessor: Type: AWS::Serverless::Function Properties: @@ -68,7 +48,7 @@ Resources: Enabled: false StartingPosition: LATEST Stream: - Ref: MyMskCluster + Ref: PreCreatedMskClusterArn Topics: - MyDummyTestTopic DestinationConfig: diff --git a/integration/resources/templates/combination/function_with_msk_using_managed_policy.yaml b/integration/resources/templates/combination/function_with_msk_using_managed_policy.yaml index 4c2bcf7e92..bb355efa8e 100644 --- a/integration/resources/templates/combination/function_with_msk_using_managed_policy.yaml +++ b/integration/resources/templates/combination/function_with_msk_using_managed_policy.yaml @@ -1,28 +1,8 @@ Parameters: - PreCreatedSubnetOne: - Type: String - PreCreatedSubnetTwo: - Type: String - MskClusterName2: + PreCreatedMskClusterArn: Type: String Resources: - MyMskCluster: - Type: AWS::MSK::Cluster - Properties: - BrokerNodeGroupInfo: - ClientSubnets: - - Ref: PreCreatedSubnetOne - - Ref: PreCreatedSubnetTwo - InstanceType: kafka.t3.small - StorageInfo: - EBSStorageInfo: - VolumeSize: 1 - ClusterName: - Ref: MskClusterName2 - KafkaVersion: 3.8.x - NumberOfBrokerNodes: 2 - MyMskStreamProcessor: Type: AWS::Serverless::Function Properties: @@ -36,7 +16,7 @@ Resources: Enabled: false StartingPosition: LATEST Stream: - Ref: MyMskCluster + Ref: PreCreatedMskClusterArn Topics: - MyDummyTestTopic diff --git a/integration/resources/templates/single/api_with_custom_domain_security_policy_edge.yaml b/integration/resources/templates/single/api_with_custom_domain_security_policy_edge.yaml new file mode 100644 index 0000000000..b12ed721ff --- /dev/null +++ b/integration/resources/templates/single/api_with_custom_domain_security_policy_edge.yaml @@ -0,0 +1,27 @@ +Parameters: + DomainName: + Type: String + CertificateArn: + Type: String + HostedZoneId: + Type: String + +Resources: + MyApi: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + DefinitionUri: ${definitionuri} + EndpointConfiguration: + Type: EDGE + Domain: + DomainName: !Ref DomainName + CertificateArn: !Ref CertificateArn + EndpointConfiguration: EDGE + SecurityPolicy: SecurityPolicy_TLS13_2025_EDGE + EndpointAccessMode: STRICT + Route53: + HostedZoneId: !Ref HostedZoneId + +Metadata: + SamTransformTest: true diff --git a/integration/resources/templates/single/api_with_custom_domain_security_policy_regional.yaml b/integration/resources/templates/single/api_with_custom_domain_security_policy_regional.yaml new file mode 100644 index 0000000000..4799cc90f5 --- /dev/null +++ b/integration/resources/templates/single/api_with_custom_domain_security_policy_regional.yaml @@ -0,0 +1,27 @@ +Parameters: + DomainName: + Type: String + CertificateArn: + Type: String + HostedZoneId: + Type: String + +Resources: + MyApi: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + DefinitionUri: ${definitionuri} + EndpointConfiguration: + Type: REGIONAL + Domain: + DomainName: !Ref DomainName + CertificateArn: !Ref CertificateArn + EndpointConfiguration: REGIONAL + SecurityPolicy: SecurityPolicy_TLS13_1_3_2025_09 + EndpointAccessMode: STRICT + Route53: + HostedZoneId: !Ref HostedZoneId + +Metadata: + SamTransformTest: true diff --git a/integration/resources/templates/single/api_with_endpoint_access_mode.yaml b/integration/resources/templates/single/api_with_endpoint_access_mode.yaml new file mode 100644 index 0000000000..40b1cb3279 --- /dev/null +++ b/integration/resources/templates/single/api_with_endpoint_access_mode.yaml @@ -0,0 +1,20 @@ +Parameters: + SecurityPolicyValue: + Type: String + Default: SecurityPolicy_TLS13_1_3_2025_09 + EndpointAccessModeValue: + Type: String + Default: STRICT + +Resources: + MyApi: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + DefinitionUri: ${definitionuri} + SecurityPolicy: !Ref SecurityPolicyValue + EndpointAccessMode: !Ref EndpointAccessModeValue + EndpointConfiguration: + Type: REGIONAL +Metadata: + SamTransformTest: true diff --git a/integration/ruff.toml b/integration/ruff.toml index 2ee0fd223c..046510cfeb 100644 --- a/integration/ruff.toml +++ b/integration/ruff.toml @@ -1,8 +1,8 @@ # black formatter takes care of the line length -line-length = 999 +line-length = 320 -# Mininal python version we support is 3.8 -target-version = "py38" +# Minimal python version we support is 3.10 +target-version = "py310" # The code quality of tests can be a bit lower compared to samtranslator lint.select = [ diff --git a/integration/setup/companion-stack.yaml b/integration/setup/companion-stack.yaml index 9f67bd3ffd..13a2be3128 100644 --- a/integration/setup/companion-stack.yaml +++ b/integration/setup/companion-stack.yaml @@ -1,3 +1,21 @@ +Parameters: + CreateMskCluster: + Type: String + Default: 'true' + AllowedValues: ['true', 'false'] + CreateMqBroker: + Type: String + Default: 'true' + AllowedValues: ['true', 'false'] + +Conditions: + ShouldCreateMsk: + Fn::Equals: [!Ref CreateMskCluster, 'true'] + ShouldCreateMq: + Fn::Equals: [!Ref CreateMqBroker, 'true'] + HasNewMqInstanceTypes: + Fn::Equals: [!Ref "AWS::Region", ap-southeast-6] + Resources: PreCreatedVpc: Type: AWS::EC2::VPC @@ -141,6 +159,103 @@ Resources: Tags: - Key: Name Value: !Sub "${AWS::StackName}-CloudWatchLogsEndpoint" + + PreCreatedMskCluster: + Type: AWS::MSK::Cluster + Condition: ShouldCreateMsk + Properties: + BrokerNodeGroupInfo: + ClientSubnets: + - !Ref PreCreatedSubnetOne + - !Ref PreCreatedSubnetTwo + InstanceType: kafka.t3.small + StorageInfo: + EBSStorageInfo: + VolumeSize: 1 + ClusterName: !Sub "${AWS::StackName}-msk" + KafkaVersion: 3.8.x + NumberOfBrokerNodes: 2 + + MQRouteTable: + Type: AWS::EC2::RouteTable + Condition: ShouldCreateMq + Properties: + VpcId: !Ref PreCreatedVpc + + MQRoute: + Type: AWS::EC2::Route + Condition: ShouldCreateMq + Properties: + RouteTableId: !Ref MQRouteTable + DestinationCidrBlock: 0.0.0.0/0 + GatewayId: !Ref PreCreatedInternetGateway + + MQSubnetRouteTableAssociation: + Type: AWS::EC2::SubnetRouteTableAssociation + Condition: ShouldCreateMq + Properties: + SubnetId: !Ref PreCreatedSubnetOne + RouteTableId: !Ref MQRouteTable + + MQSecurityGroup: + Type: AWS::EC2::SecurityGroup + Condition: ShouldCreateMq + Properties: + GroupDescription: Security group for Amazon MQ broker + VpcId: !Ref PreCreatedVpc + SecurityGroupIngress: + - {IpProtocol: tcp, FromPort: 8162, ToPort: 8162, CidrIp: 10.0.0.0/16} + - {IpProtocol: tcp, FromPort: 61617, ToPort: 61617, CidrIp: 10.0.0.0/16} + - {IpProtocol: tcp, FromPort: 5671, ToPort: 5671, CidrIp: 10.0.0.0/16} + - {IpProtocol: tcp, FromPort: 61614, ToPort: 61614, CidrIp: 10.0.0.0/16} + - {IpProtocol: tcp, FromPort: 8883, ToPort: 8883, CidrIp: 10.0.0.0/16} + + PreCreatedMqBroker: + Type: AWS::AmazonMQ::Broker + Condition: ShouldCreateMq + Properties: + BrokerName: !Sub "${AWS::StackName}-mq" + DeploymentMode: SINGLE_INSTANCE + EngineType: ACTIVEMQ + EngineVersion: '5.18' + HostInstanceType: !If [HasNewMqInstanceTypes, mq.m7i.large, mq.t3.micro] + Logs: {Audit: true, General: true} + PubliclyAccessible: true + AutoMinorVersionUpgrade: true + SecurityGroups: [!Ref MQSecurityGroup] + SubnetIds: [!Ref PreCreatedSubnetOne] + Users: + - ConsoleAccess: true + Groups: [admin] + Username: testBrokerUser + Password: testBrokerPassword + + PreCreatedMqBrokerSecret: + Type: AWS::SecretsManager::Secret + Condition: ShouldCreateMq + Properties: + Name: !Sub "${AWS::StackName}-mq-secret" + SecretString: '{"username":"testBrokerUser","password":"testBrokerPassword"}' + Description: SecretsManager Secret for pre-created MQ broker + + ApiGatewayLoggingRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: apigateway.amazonaws.com + Action: sts:AssumeRole + ManagedPolicyArns: + - !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" + + ApiGatewayAccount: + Type: AWS::ApiGateway::Account + DependsOn: ApiGatewayLoggingRole + Properties: + CloudWatchRoleArn: !GetAtt ApiGatewayLoggingRole.Arn Outputs: PreCreatedVpc: Description: Pre-created VPC that can be used inside other tests @@ -175,5 +290,17 @@ Outputs: LMIKMSKeyArn: Description: ARN of the KMS key for Capacity Provider Value: !GetAtt LMIKMSKey.Arn + PreCreatedMskClusterArn: + Condition: ShouldCreateMsk + Description: ARN of the pre-created MSK cluster + Value: !Ref PreCreatedMskCluster + PreCreatedMqBrokerArn: + Condition: ShouldCreateMq + Description: ARN of the pre-created MQ broker + Value: !GetAtt PreCreatedMqBroker.Arn + PreCreatedMqBrokerSecretArn: + Condition: ShouldCreateMq + Description: ARN of the MQ broker credentials secret + Value: !Ref PreCreatedMqBrokerSecret Metadata: SamTransformTest: true diff --git a/integration/single/test_api_with_custom_domain_security_policy.py b/integration/single/test_api_with_custom_domain_security_policy.py new file mode 100644 index 0000000000..6bb571689c --- /dev/null +++ b/integration/single/test_api_with_custom_domain_security_policy.py @@ -0,0 +1,39 @@ +from unittest.case import skipIf + +from integration.config.service_names import CUSTOM_DOMAIN, SECURITY_POLICY_REST_API +from integration.helpers.base_internal_test import BaseInternalTest +from integration.helpers.base_test import nonblocking +from integration.helpers.resource import current_region_does_not_support, current_region_not_included + + +@skipIf( + current_region_not_included([CUSTOM_DOMAIN]) or current_region_does_not_support([SECURITY_POLICY_REST_API]), + "Custom domain or SecurityPolicy are not supported in this testing region", +) +@nonblocking +class TestApiWithCustomDomainSecurityPolicy(BaseInternalTest): + """ + Test AWS::Serverless::Api with SecurityPolicy and EndpointAccessMode in Domain configuration + """ + + def test_api_with_custom_domain_security_policy_regional(self): + self.create_and_verify_stack("single/api_with_custom_domain_security_policy_regional") + + domain_name_id = self.get_physical_id_by_type("AWS::ApiGateway::DomainName") + result = self.client_provider.api_client.get_domain_name(domainName=domain_name_id) + + end_point_config = result["endpointConfiguration"] + self.assertEqual(["REGIONAL"], end_point_config["types"]) + self.assertEqual("SecurityPolicy_TLS13_1_3_2025_09", result["securityPolicy"]) + self.assertEqual("STRICT", result["endpointAccessMode"]) + + def test_api_with_custom_domain_security_policy_edge(self): + self.create_and_verify_stack("single/api_with_custom_domain_security_policy_edge") + + domain_name_id = self.get_physical_id_by_type("AWS::ApiGateway::DomainName") + result = self.client_provider.api_client.get_domain_name(domainName=domain_name_id) + + end_point_config = result["endpointConfiguration"] + self.assertEqual(["EDGE"], end_point_config["types"]) + self.assertEqual("SecurityPolicy_TLS13_2025_EDGE", result["securityPolicy"]) + self.assertEqual("STRICT", result["endpointAccessMode"]) diff --git a/integration/single/test_api_with_endpoint_access_mode.py b/integration/single/test_api_with_endpoint_access_mode.py new file mode 100644 index 0000000000..c5a3b7e404 --- /dev/null +++ b/integration/single/test_api_with_endpoint_access_mode.py @@ -0,0 +1,41 @@ +from unittest.case import skipIf + +from integration.config.service_names import REST_API, SECURITY_POLICY_REST_API +from integration.helpers.base_test import BaseTest +from integration.helpers.resource import current_region_does_not_support + + +@skipIf( + current_region_does_not_support([REST_API, SECURITY_POLICY_REST_API]), + "Rest API or SecurityPolicy are not supported in this testing region", +) +class TestApiWithEndpointAccessMode(BaseTest): + """ + Tests for AWS::Serverless::Api with EndpointAccessMode property + """ + + def test_api_with_endpoint_access_mode(self): + # Create stack with STRICT + parameters = [ + {"ParameterKey": "SecurityPolicyValue", "ParameterValue": "SecurityPolicy_TLS13_1_3_2025_09"}, + {"ParameterKey": "EndpointAccessModeValue", "ParameterValue": "STRICT"}, + ] + self.create_and_verify_stack("single/api_with_endpoint_access_mode", parameters) + + rest_api_id = self.get_physical_id_by_type("AWS::ApiGateway::RestApi") + rest_api = self.client_provider.api_client.get_rest_api(restApiId=rest_api_id) + + self.assertEqual(rest_api["securityPolicy"], "SecurityPolicy_TLS13_1_3_2025_09") + self.assertEqual(rest_api["endpointAccessMode"], "STRICT") + + # Update stack with BASIC + update_parameters = [ + {"ParameterKey": "SecurityPolicyValue", "ParameterValue": "SecurityPolicy_TLS13_1_3_2025_09"}, + {"ParameterKey": "EndpointAccessModeValue", "ParameterValue": "BASIC"}, + ] + self.update_stack(parameters=update_parameters) + + rest_api = self.client_provider.api_client.get_rest_api(restApiId=rest_api_id) + + self.assertEqual(rest_api["securityPolicy"], "SecurityPolicy_TLS13_1_3_2025_09") + self.assertEqual(rest_api["endpointAccessMode"], "BASIC") diff --git a/pyproject.toml b/pyproject.toml index bb5eabbf7e..fa9f9ee0ed 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.black] line-length = 120 -target_version = ['py38', 'py39', 'py310'] +target_version = ['py310', 'py311', 'py312', 'py313', 'py314'] exclude = ''' ( diff --git a/requirements/base.txt b/requirements/base.txt index 9ec209cd3c..052f39ad93 100755 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -1,8 +1,6 @@ boto3>=1.34.0,<2.0.0 jsonschema<5,>=4.23 -typing_extensions>=4.4 # 3.8 doesn't have Required, TypeGuard and ParamSpec +typing_extensions>=4.4 # resource validation & schema generation -# we should remove support for Python 3.8 soon (and 3.9), but supporting it for now -pydantic>=2.10.6; python_version>="3.8" -pydantic~=2.12.5; python_version>="3.9" +pydantic~=2.13.3 diff --git a/requirements/dev.txt b/requirements/dev.txt index 437f77af19..50604a40cd 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -4,7 +4,7 @@ pytest-xdist>=2.5,<4 pytest-env>=0.6,<1 pytest-rerunfailures>=9.1,<12 pyyaml~=6.0 -ruff~=0.4.5 +ruff~=0.15.6 # Test requirements pytest>=6.2,<8 @@ -19,7 +19,7 @@ tenacity~=9.0 requests~=2.28 # formatter -black==24.3.0 +black==26.3.1 ruamel.yaml==0.17.21 # It can parse yaml while perserving comments # type check diff --git a/ruff.toml b/ruff.toml index 13e5915347..570d144d51 100644 --- a/ruff.toml +++ b/ruff.toml @@ -1,8 +1,8 @@ # black formatter takes care of the line length -line-length = 999 +line-length = 320 -# Mininal python version we support is 3.8 -target-version = "py38" +# Minimal python version we support is 3.10 +target-version = "py310" lint.select = [ "E", # pycodestyle diff --git a/samtranslator/__init__.py b/samtranslator/__init__.py index 433ac92a77..88c2a43cab 100644 --- a/samtranslator/__init__.py +++ b/samtranslator/__init__.py @@ -1 +1 @@ -__version__ = "1.109.0" +__version__ = "1.110.0" diff --git a/samtranslator/feature_toggle/feature_toggle.py b/samtranslator/feature_toggle/feature_toggle.py index 5a51a6fece..5961ea110b 100644 --- a/samtranslator/feature_toggle/feature_toggle.py +++ b/samtranslator/feature_toggle/feature_toggle.py @@ -2,7 +2,7 @@ import logging from abc import ABC, abstractmethod from pathlib import Path -from typing import Any, Dict, Optional, cast +from typing import Any, cast import boto3 from botocore.config import Config @@ -32,9 +32,9 @@ class FeatureToggle: def __init__( self, config_provider: "FeatureToggleConfigProvider", - stage: Optional[str], - account_id: Optional[str], - region: Optional[str], + stage: str | None, + account_id: str | None, + region: str | None, ) -> None: self.feature_config = config_provider.config self.stage = stage @@ -102,7 +102,7 @@ class FeatureToggleConfigProvider(ABC): @property @abstractmethod - def config(self) -> Dict[str, Any]: + def config(self) -> dict[str, Any]: pass @@ -113,7 +113,7 @@ def __init__(self) -> None: FeatureToggleConfigProvider.__init__(self) @property - def config(self) -> Dict[str, Any]: + def config(self) -> dict[str, Any]: return {} @@ -123,10 +123,10 @@ class FeatureToggleLocalConfigProvider(FeatureToggleConfigProvider): def __init__(self, local_config_path: str) -> None: FeatureToggleConfigProvider.__init__(self) config_json = Path(local_config_path).read_text(encoding="utf-8") - self.feature_toggle_config = cast(Dict[str, Any], json.loads(config_json)) + self.feature_toggle_config = cast(dict[str, Any], json.loads(config_json)) @property - def config(self) -> Dict[str, Any]: + def config(self) -> dict[str, Any]: return self.feature_toggle_config @@ -154,7 +154,7 @@ def __init__(self, application_id, environment_id, configuration_profile_id, app ClientId="FeatureToggleAppConfigConfigProvider", ) binary_config_string = response["Content"].read() - self.feature_toggle_config = cast(Dict[str, Any], json.loads(binary_config_string.decode("utf-8"))) + self.feature_toggle_config = cast(dict[str, Any], json.loads(binary_config_string.decode("utf-8"))) LOG.info("Finished loading feature toggle config from AppConfig.") except Exception: LOG.exception("Failed to load config from AppConfig. Using empty config.") @@ -162,5 +162,5 @@ def __init__(self, application_id, environment_id, configuration_profile_id, app self.feature_toggle_config = {} @property - def config(self) -> Dict[str, Any]: + def config(self) -> dict[str, Any]: return self.feature_toggle_config diff --git a/samtranslator/internal/deprecation_control.py b/samtranslator/internal/deprecation_control.py index dfb7702f75..5758de3124 100644 --- a/samtranslator/internal/deprecation_control.py +++ b/samtranslator/internal/deprecation_control.py @@ -11,8 +11,9 @@ """ import warnings +from collections.abc import Callable from functools import wraps -from typing import Callable, Optional, TypeVar +from typing import TypeVar from typing_extensions import ParamSpec @@ -20,14 +21,14 @@ RT = TypeVar("RT") # return type -def _make_message(message: str, replacement: Optional[str]) -> str: +def _make_message(message: str, replacement: str | None) -> str: return f"{message}, please use {replacement}" if replacement else message # TODO: make @deprecated able to decorate a class -def deprecated(replacement: Optional[str] = None) -> Callable[[Callable[PT, RT]], Callable[PT, RT]]: +def deprecated(replacement: str | None = None) -> Callable[[Callable[PT, RT]], Callable[PT, RT]]: """ Mark a function/method as deprecated. diff --git a/samtranslator/internal/intrinsics.py b/samtranslator/internal/intrinsics.py index 50c2fd38ff..76b487ea0d 100644 --- a/samtranslator/internal/intrinsics.py +++ b/samtranslator/internal/intrinsics.py @@ -1,4 +1,4 @@ -from typing import Any, Dict, Optional, Union +from typing import Any, Union from samtranslator.intrinsics.resolver import IntrinsicsResolver from samtranslator.model.exceptions import InvalidResourceException @@ -7,9 +7,9 @@ def resolve_string_parameter_in_resource( logical_id: str, intrinsics_resolver: IntrinsicsResolver, - parameter_value: Optional[Union[str, Dict[str, Any]]], + parameter_value: Union[str, dict[str, Any]] | None, parameter_name: str, -) -> Optional[Union[str, Dict[str, Any]]]: +) -> Union[str, dict[str, Any]] | None: """Try to resolve values in a resource from template parameters.""" if not parameter_value: return parameter_value diff --git a/samtranslator/internal/managed_policies.py b/samtranslator/internal/managed_policies.py index a95971b8d0..29af9c0179 100644 --- a/samtranslator/internal/managed_policies.py +++ b/samtranslator/internal/managed_policies.py @@ -1,10 +1,9 @@ import json from pathlib import Path -from typing import Dict, Optional with (Path(__file__).absolute().parent / "data" / "aws_managed_policies.json").open(encoding="utf-8") as f: - _BUNDLED_MANAGED_POLICIES: Dict[str, Dict[str, str]] = json.load(f) + _BUNDLED_MANAGED_POLICIES: dict[str, dict[str, str]] = json.load(f) -def get_bundled_managed_policy_map(partition: str) -> Optional[Dict[str, str]]: +def get_bundled_managed_policy_map(partition: str) -> dict[str, str] | None: return _BUNDLED_MANAGED_POLICIES.get(partition) diff --git a/samtranslator/internal/model/appsync.py b/samtranslator/internal/model/appsync.py index 45bbf9f3fb..a49ce2bfb1 100644 --- a/samtranslator/internal/model/appsync.py +++ b/samtranslator/internal/model/appsync.py @@ -1,4 +1,4 @@ -from typing import Any, Dict, List, Optional, TypedDict, Union +from typing import Any, TypedDict, Union from typing_extensions import Required @@ -53,7 +53,7 @@ class DeltaSyncConfigType(TypedDict): class DynamoDBConfigType(TypedDict, total=False): - AwsRegion: Union[str, Dict[str, str]] + AwsRegion: Union[str, dict[str, str]] TableName: str UseCallerCredentials: bool Versioned: bool @@ -93,12 +93,12 @@ class SyncConfigType(TypedDict, total=False): class CachingConfigType(TypedDict, total=False): - CachingKeys: List[str] + CachingKeys: list[str] Ttl: float class PipelineConfigType(TypedDict, total=False): - Functions: List[Intrinsicable[str]] + Functions: list[Intrinsicable[str]] class GraphQLApi(Resource): @@ -122,18 +122,18 @@ class GraphQLApi(Resource): Name: str AuthenticationType: str - LambdaAuthorizerConfig: Optional[LambdaAuthorizerConfigType] - OpenIDConnectConfig: Optional[OpenIDConnectConfigType] - UserPoolConfig: Optional[UserPoolConfigType] - AdditionalAuthenticationProviders: Optional[List[AdditionalAuthenticationProviderType]] - Tags: Optional[List[Dict[str, Any]]] - XrayEnabled: Optional[bool] - LogConfig: Optional[LogConfigType] - Visibility: Optional[str] - OwnerContact: Optional[str] - IntrospectionConfig: Optional[str] - QueryDepthLimit: Optional[int] - ResolverCountLimit: Optional[int] + LambdaAuthorizerConfig: LambdaAuthorizerConfigType | None + OpenIDConnectConfig: OpenIDConnectConfigType | None + UserPoolConfig: UserPoolConfigType | None + AdditionalAuthenticationProviders: list[AdditionalAuthenticationProviderType] | None + Tags: list[dict[str, Any]] | None + XrayEnabled: bool | None + LogConfig: LogConfigType | None + Visibility: str | None + OwnerContact: str | None + IntrospectionConfig: str | None + QueryDepthLimit: int | None + ResolverCountLimit: int | None runtime_attrs = {"api_id": lambda self: fnGetAtt(self.logical_id, "ApiId")} @@ -147,8 +147,8 @@ class GraphQLSchema(Resource): } ApiId: Intrinsicable[str] - Definition: Optional[str] - DefinitionS3Location: Optional[str] + Definition: str | None + DefinitionS3Location: str | None class DataSource(Resource): @@ -164,12 +164,12 @@ class DataSource(Resource): } ApiId: Intrinsicable[str] - Description: Optional[str] + Description: str | None Name: str Type: str ServiceRoleArn: str - DynamoDBConfig: Optional[DynamoDBConfigType] - LambdaConfig: Optional[LambdaConfigType] + DynamoDBConfig: DynamoDBConfigType | None + LambdaConfig: LambdaConfigType | None runtime_attrs = { "arn": lambda self: fnGetAtt(self.logical_id, "DataSourceArn"), @@ -194,12 +194,12 @@ class FunctionConfiguration(Resource): ApiId: Intrinsicable[str] DataSourceName: Intrinsicable[str] Name: str - Code: Optional[str] - CodeS3Location: Optional[str] - Description: Optional[str] - MaxBatchSize: Optional[int] - Runtime: Optional[AppSyncRuntimeType] - SyncConfig: Optional[SyncConfigType] + Code: str | None + CodeS3Location: str | None + Description: str | None + MaxBatchSize: int | None + Runtime: AppSyncRuntimeType | None + SyncConfig: SyncConfigType | None runtime_attrs = {"function_id": lambda self: fnGetAtt(self.logical_id, "FunctionId")} @@ -222,16 +222,16 @@ class Resolver(Resource): } ApiId: Intrinsicable[str] - CachingConfig: Optional[CachingConfigType] - Code: Optional[str] - CodeS3Location: Optional[str] - DataSourceName: Optional[str] + CachingConfig: CachingConfigType | None + Code: str | None + CodeS3Location: str | None + DataSourceName: str | None FieldName: str - Kind: Optional[str] - MaxBatchSize: Optional[int] - PipelineConfig: Optional[PipelineConfigType] - Runtime: Optional[AppSyncRuntimeType] - SyncConfig: Optional[SyncConfigType] + Kind: str | None + MaxBatchSize: int | None + PipelineConfig: PipelineConfigType | None + Runtime: AppSyncRuntimeType | None + SyncConfig: SyncConfigType | None TypeName: str @@ -245,9 +245,9 @@ class ApiKey(Resource): } ApiId: Intrinsicable[str] - ApiKeyId: Optional[str] - Description: Optional[str] - Expires: Optional[float] + ApiKeyId: str | None + Description: str | None + Expires: float | None class DomainName(Resource): @@ -260,7 +260,7 @@ class DomainName(Resource): CertificateArn: str DomainName: str - Description: Optional[str] + Description: str | None runtime_attrs = {"domain_name": lambda self: ref(self.logical_id)} @@ -291,5 +291,5 @@ class ApiCache(Resource): ApiId: Intrinsicable[str] Type: str Ttl: float - AtRestEncryptionEnabled: Optional[bool] - TransitEncryptionEnabled: Optional[bool] + AtRestEncryptionEnabled: bool | None + TransitEncryptionEnabled: bool | None diff --git a/samtranslator/internal/schema_source/aws_serverless_api.py b/samtranslator/internal/schema_source/aws_serverless_api.py index c478a3c3ae..660a9c1ea0 100644 --- a/samtranslator/internal/schema_source/aws_serverless_api.py +++ b/samtranslator/internal/schema_source/aws_serverless_api.py @@ -1,6 +1,6 @@ from __future__ import annotations -from typing import Dict, List, Literal, Optional, Union +from typing import Literal, Union from samtranslator.internal.schema_source.aws_serverless_connector import EmbeddedConnector from samtranslator.internal.schema_source.common import ( @@ -38,137 +38,130 @@ class ResourcePolicy(BaseModel): - AwsAccountBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("AwsAccountBlacklist") - AwsAccountWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("AwsAccountWhitelist") - CustomStatements: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("CustomStatements") - IntrinsicVpcBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpcBlacklist") - IntrinsicVpcWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpcWhitelist") - IntrinsicVpceBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpceBlacklist") - IntrinsicVpceWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpceWhitelist") - IpRangeBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IpRangeBlacklist") - IpRangeWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IpRangeWhitelist") - SourceVpcBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("SourceVpcBlacklist") - SourceVpcWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("SourceVpcWhitelist") + AwsAccountBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("AwsAccountBlacklist") + AwsAccountWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("AwsAccountWhitelist") + CustomStatements: list[Union[str, DictStrAny]] | None = resourcepolicy("CustomStatements") + IntrinsicVpcBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpcBlacklist") + IntrinsicVpcWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpcWhitelist") + IntrinsicVpceBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpceBlacklist") + IntrinsicVpceWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpceWhitelist") + IpRangeBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("IpRangeBlacklist") + IpRangeWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("IpRangeWhitelist") + SourceVpcBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("SourceVpcBlacklist") + SourceVpcWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("SourceVpcWhitelist") class CognitoAuthorizerIdentity(BaseModel): - Header: Optional[str] = cognitoauthorizeridentity("Header") - ReauthorizeEvery: Optional[SamIntrinsicable[int]] = cognitoauthorizeridentity("ReauthorizeEvery") - ValidationExpression: Optional[str] = cognitoauthorizeridentity("ValidationExpression") + Header: str | None = cognitoauthorizeridentity("Header") + ReauthorizeEvery: SamIntrinsicable[int] | None = cognitoauthorizeridentity("ReauthorizeEvery") + ValidationExpression: str | None = cognitoauthorizeridentity("ValidationExpression") class CognitoAuthorizer(BaseModel): - AuthorizationScopes: Optional[List[str]] = cognitoauthorizer("AuthorizationScopes") - Identity: Optional[CognitoAuthorizerIdentity] = cognitoauthorizer("Identity") + AuthorizationScopes: list[str] | None = cognitoauthorizer("AuthorizationScopes") + Identity: CognitoAuthorizerIdentity | None = cognitoauthorizer("Identity") UserPoolArn: SamIntrinsicable[str] = cognitoauthorizer("UserPoolArn") class LambdaTokenAuthorizerIdentity(BaseModel): - ReauthorizeEvery: Optional[SamIntrinsicable[int]] = lambdatokenauthorizeridentity("ReauthorizeEvery") - ValidationExpression: Optional[str] = lambdatokenauthorizeridentity("ValidationExpression") - Header: Optional[str] = lambdatokenauthorizeridentity("Header") + ReauthorizeEvery: SamIntrinsicable[int] | None = lambdatokenauthorizeridentity("ReauthorizeEvery") + ValidationExpression: str | None = lambdatokenauthorizeridentity("ValidationExpression") + Header: str | None = lambdatokenauthorizeridentity("Header") class LambdaRequestAuthorizerIdentity(BaseModel): - Context: Optional[List[str]] = lambdarequestauthorizeridentity("Context") - Headers: Optional[List[str]] = lambdarequestauthorizeridentity("Headers") - QueryStrings: Optional[List[str]] = lambdarequestauthorizeridentity("QueryStrings") - ReauthorizeEvery: Optional[SamIntrinsicable[int]] = lambdarequestauthorizeridentity("ReauthorizeEvery") - StageVariables: Optional[List[str]] = lambdarequestauthorizeridentity("StageVariables") + Context: list[str] | None = lambdarequestauthorizeridentity("Context") + Headers: list[str] | None = lambdarequestauthorizeridentity("Headers") + QueryStrings: list[str] | None = lambdarequestauthorizeridentity("QueryStrings") + ReauthorizeEvery: SamIntrinsicable[int] | None = lambdarequestauthorizeridentity("ReauthorizeEvery") + StageVariables: list[str] | None = lambdarequestauthorizeridentity("StageVariables") class LambdaTokenAuthorizer(BaseModel): FunctionArn: SamIntrinsicable[str] = lambdatokenauthorizer("FunctionArn") - FunctionInvokeRole: Optional[str] = lambdatokenauthorizer("FunctionInvokeRole") - FunctionPayloadType: Optional[Literal["TOKEN"]] = lambdatokenauthorizer("FunctionPayloadType") - Identity: Optional[LambdaTokenAuthorizerIdentity] = lambdatokenauthorizer("Identity") - DisableFunctionDefaultPermissions: Optional[bool] = lambdatokenauthorizer("DisableFunctionDefaultPermissions") + FunctionInvokeRole: str | None = lambdatokenauthorizer("FunctionInvokeRole") + FunctionPayloadType: Literal["TOKEN"] | None = lambdatokenauthorizer("FunctionPayloadType") + Identity: LambdaTokenAuthorizerIdentity | None = lambdatokenauthorizer("Identity") + DisableFunctionDefaultPermissions: bool | None = lambdatokenauthorizer("DisableFunctionDefaultPermissions") class LambdaRequestAuthorizer(BaseModel): FunctionArn: SamIntrinsicable[str] = lambdarequestauthorizer("FunctionArn") - FunctionInvokeRole: Optional[str] = lambdarequestauthorizer("FunctionInvokeRole") - FunctionPayloadType: Optional[Literal["REQUEST"]] = lambdarequestauthorizer("FunctionPayloadType") - Identity: Optional[LambdaRequestAuthorizerIdentity] = lambdarequestauthorizer("Identity") - DisableFunctionDefaultPermissions: Optional[bool] = lambdarequestauthorizer("DisableFunctionDefaultPermissions") + FunctionInvokeRole: str | None = lambdarequestauthorizer("FunctionInvokeRole") + FunctionPayloadType: Literal["REQUEST"] | None = lambdarequestauthorizer("FunctionPayloadType") + Identity: LambdaRequestAuthorizerIdentity | None = lambdarequestauthorizer("Identity") + DisableFunctionDefaultPermissions: bool | None = lambdarequestauthorizer("DisableFunctionDefaultPermissions") class UsagePlan(BaseModel): CreateUsagePlan: SamIntrinsicable[Literal["PER_API", "SHARED", "NONE"]] = usageplan("CreateUsagePlan") - Description: Optional[PassThroughProp] = usageplan("Description") - Quota: Optional[PassThroughProp] = usageplan("Quota") - Tags: Optional[PassThroughProp] = usageplan("Tags") - Throttle: Optional[PassThroughProp] = usageplan("Throttle") - UsagePlanName: Optional[PassThroughProp] = usageplan("UsagePlanName") + Description: PassThroughProp | None = usageplan("Description") + Quota: PassThroughProp | None = usageplan("Quota") + Tags: PassThroughProp | None = usageplan("Tags") + Throttle: PassThroughProp | None = usageplan("Throttle") + UsagePlanName: PassThroughProp | None = usageplan("UsagePlanName") class Auth(BaseModel): - AddDefaultAuthorizerToCorsPreflight: Optional[bool] = auth("AddDefaultAuthorizerToCorsPreflight") - AddApiKeyRequiredToCorsPreflight: Optional[bool] = auth("AddApiKeyRequiredToCorsPreflight") - ApiKeyRequired: Optional[bool] = auth("ApiKeyRequired") - Authorizers: Optional[ - Dict[ - str, - Union[ - CognitoAuthorizer, - LambdaTokenAuthorizer, - LambdaRequestAuthorizer, - ], - ] - ] = auth("Authorizers") - DefaultAuthorizer: Optional[str] = auth("DefaultAuthorizer") - InvokeRole: Optional[str] = auth("InvokeRole") - ResourcePolicy: Optional[ResourcePolicy] = auth("ResourcePolicy") - UsagePlan: Optional[UsagePlan] = auth("UsagePlan") + AddDefaultAuthorizerToCorsPreflight: bool | None = auth("AddDefaultAuthorizerToCorsPreflight") + AddApiKeyRequiredToCorsPreflight: bool | None = auth("AddApiKeyRequiredToCorsPreflight") + ApiKeyRequired: bool | None = auth("ApiKeyRequired") + Authorizers: dict[str, Union[CognitoAuthorizer, LambdaTokenAuthorizer, LambdaRequestAuthorizer]] | None = auth( + "Authorizers" + ) + DefaultAuthorizer: str | None = auth("DefaultAuthorizer") + InvokeRole: str | None = auth("InvokeRole") + ResourcePolicy: ResourcePolicy | None = auth("ResourcePolicy") + UsagePlan: UsagePlan | None = auth("UsagePlan") class Cors(BaseModel): - AllowCredentials: Optional[bool] = cors("AllowCredentials") - AllowHeaders: Optional[str] = cors("AllowHeaders") - AllowMethods: Optional[str] = cors("AllowMethods") + AllowCredentials: bool | None = cors("AllowCredentials") + AllowHeaders: str | None = cors("AllowHeaders") + AllowMethods: str | None = cors("AllowMethods") AllowOrigin: str = cors("AllowOrigin") - MaxAge: Optional[str] = cors("MaxAge") + MaxAge: str | None = cors("MaxAge") class Route53(BaseModel): - DistributionDomainName: Optional[PassThroughProp] = passthrough_prop( + DistributionDomainName: PassThroughProp | None = passthrough_prop( ROUTE53_STEM, "DistributionDomainName", ["AWS::Route53::RecordSetGroup.AliasTarget", "DNSName"], ) - EvaluateTargetHealth: Optional[PassThroughProp] = passthrough_prop( + EvaluateTargetHealth: PassThroughProp | None = passthrough_prop( ROUTE53_STEM, "EvaluateTargetHealth", ["AWS::Route53::RecordSetGroup.AliasTarget", "EvaluateTargetHealth"], ) - HostedZoneId: Optional[PassThroughProp] = passthrough_prop( + HostedZoneId: PassThroughProp | None = passthrough_prop( ROUTE53_STEM, "HostedZoneId", ["AWS::Route53::RecordSetGroup.RecordSet", "HostedZoneId"], ) - HostedZoneName: Optional[PassThroughProp] = passthrough_prop( + HostedZoneName: PassThroughProp | None = passthrough_prop( ROUTE53_STEM, "HostedZoneName", ["AWS::Route53::RecordSetGroup.RecordSet", "HostedZoneName"], ) - IpV6: Optional[bool] = route53("IpV6") - SetIdentifier: Optional[PassThroughProp] = passthrough_prop( + IpV6: bool | None = route53("IpV6") + SetIdentifier: PassThroughProp | None = passthrough_prop( ROUTE53_STEM, "SetIdentifier", ["AWS::Route53::RecordSetGroup.RecordSet", "SetIdentifier"], ) - Region: Optional[PassThroughProp] = passthrough_prop( + Region: PassThroughProp | None = passthrough_prop( ROUTE53_STEM, "Region", ["AWS::Route53::RecordSetGroup.RecordSet", "Region"], ) - SeparateRecordSetGroup: Optional[bool] # SAM-specific property - not yet documented in sam-docs.json - VpcEndpointDomainName: Optional[PassThroughProp] = passthrough_prop( + SeparateRecordSetGroup: bool | None # SAM-specific property - not yet documented in sam-docs.json + VpcEndpointDomainName: PassThroughProp | None = passthrough_prop( ROUTE53_STEM, "VpcEndpointDomainName", ["AWS::Route53::RecordSet.AliasTarget", "DNSName"], ) - VpcEndpointHostedZoneId: Optional[PassThroughProp] = passthrough_prop( + VpcEndpointHostedZoneId: PassThroughProp | None = passthrough_prop( ROUTE53_STEM, "VpcEndpointHostedZoneId", ["AWS::Route53::RecordSet.AliasTarget", "HostedZoneId"], @@ -184,36 +177,41 @@ class AccessAssociation(BaseModel): class Domain(BaseModel): - BasePath: Optional[PassThroughProp] = domain("BasePath") - NormalizeBasePath: Optional[bool] = domain("NormalizeBasePath") - Policy: Optional[PassThroughProp] + BasePath: PassThroughProp | None = domain("BasePath") + NormalizeBasePath: bool | None = domain("NormalizeBasePath") + Policy: PassThroughProp | None CertificateArn: PassThroughProp = domain("CertificateArn") DomainName: PassThroughProp = passthrough_prop( DOMAIN_STEM, "DomainName", ["AWS::ApiGateway::DomainName", "Properties", "DomainName"], ) - EndpointConfiguration: Optional[SamIntrinsicable[Literal["REGIONAL", "EDGE", "PRIVATE"]]] = domain( + EndpointAccessMode: PassThroughProp | None = passthrough_prop( + DOMAIN_STEM, + "EndpointAccessMode", + ["AWS::ApiGateway::DomainName", "Properties", "EndpointAccessMode"], + ) + EndpointConfiguration: SamIntrinsicable[Literal["REGIONAL", "EDGE", "PRIVATE"]] | None = domain( "EndpointConfiguration" ) - IpAddressType: Optional[PassThroughProp] # TODO: add documentation; currently unavailable - MutualTlsAuthentication: Optional[PassThroughProp] = passthrough_prop( + IpAddressType: PassThroughProp | None # TODO: add documentation; currently unavailable + MutualTlsAuthentication: PassThroughProp | None = passthrough_prop( DOMAIN_STEM, "MutualTlsAuthentication", ["AWS::ApiGateway::DomainName", "Properties", "MutualTlsAuthentication"], ) - OwnershipVerificationCertificateArn: Optional[PassThroughProp] = passthrough_prop( + OwnershipVerificationCertificateArn: PassThroughProp | None = passthrough_prop( DOMAIN_STEM, "OwnershipVerificationCertificateArn", ["AWS::ApiGateway::DomainName", "Properties", "OwnershipVerificationCertificateArn"], ) - Route53: Optional[Route53] = domain("Route53") - SecurityPolicy: Optional[PassThroughProp] = passthrough_prop( + Route53: Route53 | None = domain("Route53") + SecurityPolicy: PassThroughProp | None = passthrough_prop( DOMAIN_STEM, "SecurityPolicy", ["AWS::ApiGateway::DomainName", "Properties", "SecurityPolicy"], ) - AccessAssociation: Optional[AccessAssociation] + AccessAssociation: AccessAssociation | None class DefinitionUri(BaseModel): @@ -227,7 +225,7 @@ class DefinitionUri(BaseModel): "Key", ["AWS::ApiGateway::RestApi.S3Location", "Key"], ) - Version: Optional[PassThroughProp] = passthrough_prop( + Version: PassThroughProp | None = passthrough_prop( DEFINITION_URI_STEM, "Version", ["AWS::ApiGateway::RestApi.S3Location", "Version"], @@ -235,193 +233,203 @@ class DefinitionUri(BaseModel): class EndpointConfiguration(BaseModel): - Type: Optional[PassThroughProp] = passthrough_prop( + Type: PassThroughProp | None = passthrough_prop( ENDPOINT_CONFIGURATION_STEM, "Type", ["AWS::ApiGateway::RestApi.EndpointConfiguration", "Types"], ) - VPCEndpointIds: Optional[PassThroughProp] = passthrough_prop( + VPCEndpointIds: PassThroughProp | None = passthrough_prop( ENDPOINT_CONFIGURATION_STEM, "VPCEndpointIds", ["AWS::ApiGateway::RestApi.EndpointConfiguration", "VpcEndpointIds"], ) - IpAddressType: Optional[PassThroughProp] # TODO: add documentation; currently unavailable + IpAddressType: PassThroughProp | None # TODO: add documentation; currently unavailable -Name = Optional[PassThroughProp] -DefinitionUriType = Optional[Union[str, DefinitionUri]] -MergeDefinitions = Optional[bool] -CacheClusterEnabled = Optional[PassThroughProp] -CacheClusterSize = Optional[PassThroughProp] -Variables = Optional[PassThroughProp] -EndpointConfigurationType = Optional[SamIntrinsicable[EndpointConfiguration]] -MethodSettings = Optional[PassThroughProp] -BinaryMediaTypes = Optional[PassThroughProp] -MinimumCompressionSize = Optional[PassThroughProp] -CorsType = Optional[SamIntrinsicable[Union[str, Cors]]] -GatewayResponses = Optional[DictStrAny] -AccessLogSetting = Optional[PassThroughProp] -CanarySetting = Optional[PassThroughProp] -TracingEnabled = Optional[PassThroughProp] -OpenApiVersion = Optional[Union[float, str]] # TODO: float doesn't exist in documentation -AlwaysDeploy = Optional[bool] +Name = PassThroughProp | None +DefinitionUriType = Union[str, DefinitionUri] | None +MergeDefinitions = bool | None +CacheClusterEnabled = PassThroughProp | None +CacheClusterSize = PassThroughProp | None +Variables = PassThroughProp | None +EndpointConfigurationType = SamIntrinsicable[EndpointConfiguration] | None +MethodSettings = PassThroughProp | None +BinaryMediaTypes = PassThroughProp | None +MinimumCompressionSize = PassThroughProp | None +CorsType = SamIntrinsicable[Union[str, Cors]] | None +GatewayResponses = DictStrAny | None +AccessLogSetting = PassThroughProp | None +CanarySetting = PassThroughProp | None +TracingEnabled = PassThroughProp | None +OpenApiVersion = Union[float, str] | None # TODO: float doesn't exist in documentation +AlwaysDeploy = bool | None class Properties(BaseModel): - AccessLogSetting: Optional[AccessLogSetting] = passthrough_prop( + AccessLogSetting: AccessLogSetting | None = passthrough_prop( PROPERTIES_STEM, "AccessLogSetting", ["AWS::ApiGateway::Stage", "Properties", "AccessLogSetting"], ) - ApiKeySourceType: Optional[PassThroughProp] = passthrough_prop( + ApiKeySourceType: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "ApiKeySourceType", ["AWS::ApiGateway::RestApi", "Properties", "ApiKeySourceType"], ) - Auth: Optional[Auth] = properties("Auth") - BinaryMediaTypes: Optional[BinaryMediaTypes] = properties("BinaryMediaTypes") - CacheClusterEnabled: Optional[CacheClusterEnabled] = passthrough_prop( + Auth: Auth | None = properties("Auth") + BinaryMediaTypes: BinaryMediaTypes | None = properties("BinaryMediaTypes") + CacheClusterEnabled: CacheClusterEnabled | None = passthrough_prop( PROPERTIES_STEM, "CacheClusterEnabled", ["AWS::ApiGateway::Stage", "Properties", "CacheClusterEnabled"], ) - CacheClusterSize: Optional[CacheClusterSize] = passthrough_prop( + CacheClusterSize: CacheClusterSize | None = passthrough_prop( PROPERTIES_STEM, "CacheClusterSize", ["AWS::ApiGateway::Stage", "Properties", "CacheClusterSize"], ) - CanarySetting: Optional[CanarySetting] = passthrough_prop( + CanarySetting: CanarySetting | None = passthrough_prop( PROPERTIES_STEM, "CanarySetting", ["AWS::ApiGateway::Stage", "Properties", "CanarySetting"], ) - Cors: Optional[CorsType] = properties("Cors") - DefinitionBody: Optional[DictStrAny] = properties("DefinitionBody") - DefinitionUri: Optional[DefinitionUriType] = properties("DefinitionUri") - MergeDefinitions: Optional[MergeDefinitions] = properties("MergeDefinitions") - Description: Optional[PassThroughProp] = passthrough_prop( + Cors: CorsType | None = properties("Cors") + DefinitionBody: DictStrAny | None = properties("DefinitionBody") + DefinitionUri: DefinitionUriType | None = properties("DefinitionUri") + MergeDefinitions: MergeDefinitions | None = properties("MergeDefinitions") + Description: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "Description", ["AWS::ApiGateway::Stage", "Properties", "Description"], ) - DisableExecuteApiEndpoint: Optional[PassThroughProp] = properties("DisableExecuteApiEndpoint") - Domain: Optional[Domain] = properties("Domain") - EndpointConfiguration: Optional[EndpointConfigurationType] = properties("EndpointConfiguration") - FailOnWarnings: Optional[PassThroughProp] = passthrough_prop( + DisableExecuteApiEndpoint: PassThroughProp | None = properties("DisableExecuteApiEndpoint") + Domain: Domain | None = properties("Domain") + EndpointAccessMode: PassThroughProp | None = passthrough_prop( + PROPERTIES_STEM, + "EndpointAccessMode", + ["AWS::ApiGateway::RestApi", "Properties", "EndpointAccessMode"], + ) + EndpointConfiguration: EndpointConfigurationType | None = properties("EndpointConfiguration") + FailOnWarnings: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "FailOnWarnings", ["AWS::ApiGateway::RestApi", "Properties", "FailOnWarnings"], ) - GatewayResponses: Optional[GatewayResponses] = properties("GatewayResponses") - MethodSettings: Optional[MethodSettings] = passthrough_prop( + GatewayResponses: GatewayResponses | None = properties("GatewayResponses") + MethodSettings: MethodSettings | None = passthrough_prop( PROPERTIES_STEM, "MethodSettings", ["AWS::ApiGateway::Stage", "Properties", "MethodSettings"], ) - MinimumCompressionSize: Optional[MinimumCompressionSize] = passthrough_prop( + MinimumCompressionSize: MinimumCompressionSize | None = passthrough_prop( PROPERTIES_STEM, "MinimumCompressionSize", ["AWS::ApiGateway::RestApi", "Properties", "MinimumCompressionSize"], ) - Mode: Optional[PassThroughProp] = passthrough_prop( + Mode: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "Mode", ["AWS::ApiGateway::RestApi", "Properties", "Mode"], ) - Models: Optional[DictStrAny] = properties("Models") - Name: Optional[Name] = passthrough_prop( + Models: DictStrAny | None = properties("Models") + Name: Name | None = passthrough_prop( PROPERTIES_STEM, "Name", ["AWS::ApiGateway::RestApi", "Properties", "Name"], ) - OpenApiVersion: Optional[OpenApiVersion] = properties("OpenApiVersion") + OpenApiVersion: OpenApiVersion | None = properties("OpenApiVersion") StageName: SamIntrinsicable[str] = properties("StageName") - Tags: Optional[DictStrAny] = properties("Tags") - Policy: Optional[PassThroughProp] = passthrough_prop( + Tags: DictStrAny | None = properties("Tags") + Policy: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "Policy", ["AWS::ApiGateway::RestApi", "Properties", "Policy"], ) - PropagateTags: Optional[bool] = properties("PropagateTags") - SecurityPolicy: Optional[PassThroughProp] = passthrough_prop( + PropagateTags: bool | None = properties("PropagateTags") + SecurityPolicy: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "SecurityPolicy", ["AWS::ApiGateway::RestApi", "Properties", "SecurityPolicy"], ) - TracingEnabled: Optional[TracingEnabled] = passthrough_prop( + TracingEnabled: TracingEnabled | None = passthrough_prop( PROPERTIES_STEM, "TracingEnabled", ["AWS::ApiGateway::Stage", "Properties", "TracingEnabled"], ) - Variables: Optional[Variables] = passthrough_prop( + Variables: Variables | None = passthrough_prop( PROPERTIES_STEM, "Variables", ["AWS::ApiGateway::Stage", "Properties", "Variables"], ) - AlwaysDeploy: Optional[AlwaysDeploy] = properties("AlwaysDeploy") + AlwaysDeploy: AlwaysDeploy | None = properties("AlwaysDeploy") class Globals(BaseModel): - Auth: Optional[Auth] = properties("Auth") - Name: Optional[Name] = passthrough_prop( + Auth: Auth | None = properties("Auth") + Name: Name | None = passthrough_prop( PROPERTIES_STEM, "Name", ["AWS::ApiGateway::RestApi", "Properties", "Name"], ) - DefinitionUri: Optional[PassThroughProp] = properties("DefinitionUri") - CacheClusterEnabled: Optional[CacheClusterEnabled] = passthrough_prop( + DefinitionUri: PassThroughProp | None = properties("DefinitionUri") + CacheClusterEnabled: CacheClusterEnabled | None = passthrough_prop( PROPERTIES_STEM, "CacheClusterEnabled", ["AWS::ApiGateway::Stage", "Properties", "CacheClusterEnabled"], ) - CacheClusterSize: Optional[CacheClusterSize] = passthrough_prop( + CacheClusterSize: CacheClusterSize | None = passthrough_prop( PROPERTIES_STEM, "CacheClusterSize", ["AWS::ApiGateway::Stage", "Properties", "CacheClusterSize"], ) - MergeDefinitions: Optional[MergeDefinitions] = properties("MergeDefinitions") - Variables: Optional[Variables] = passthrough_prop( + MergeDefinitions: MergeDefinitions | None = properties("MergeDefinitions") + Variables: Variables | None = passthrough_prop( PROPERTIES_STEM, "Variables", ["AWS::ApiGateway::Stage", "Properties", "Variables"], ) - EndpointConfiguration: Optional[PassThroughProp] = properties("EndpointConfiguration") - MethodSettings: Optional[MethodSettings] = properties("MethodSettings") - BinaryMediaTypes: Optional[BinaryMediaTypes] = properties("BinaryMediaTypes") - MinimumCompressionSize: Optional[MinimumCompressionSize] = passthrough_prop( + EndpointConfiguration: PassThroughProp | None = properties("EndpointConfiguration") + MethodSettings: MethodSettings | None = properties("MethodSettings") + BinaryMediaTypes: BinaryMediaTypes | None = properties("BinaryMediaTypes") + MinimumCompressionSize: MinimumCompressionSize | None = passthrough_prop( PROPERTIES_STEM, "MinimumCompressionSize", ["AWS::ApiGateway::RestApi", "Properties", "MinimumCompressionSize"], ) - Cors: Optional[CorsType] = properties("Cors") - GatewayResponses: Optional[GatewayResponses] = properties("GatewayResponses") - AccessLogSetting: Optional[AccessLogSetting] = passthrough_prop( + Cors: CorsType | None = properties("Cors") + GatewayResponses: GatewayResponses | None = properties("GatewayResponses") + AccessLogSetting: AccessLogSetting | None = passthrough_prop( PROPERTIES_STEM, "AccessLogSetting", ["AWS::ApiGateway::Stage", "Properties", "AccessLogSetting"], ) - CanarySetting: Optional[CanarySetting] = passthrough_prop( + CanarySetting: CanarySetting | None = passthrough_prop( PROPERTIES_STEM, "CanarySetting", ["AWS::ApiGateway::Stage", "Properties", "CanarySetting"], ) - TracingEnabled: Optional[TracingEnabled] = passthrough_prop( + TracingEnabled: TracingEnabled | None = passthrough_prop( PROPERTIES_STEM, "TracingEnabled", ["AWS::ApiGateway::Stage", "Properties", "TracingEnabled"], ) - OpenApiVersion: Optional[OpenApiVersion] = properties("OpenApiVersion") - Domain: Optional[Domain] = properties("Domain") - AlwaysDeploy: Optional[AlwaysDeploy] = properties("AlwaysDeploy") - PropagateTags: Optional[bool] = properties("PropagateTags") - SecurityPolicy: Optional[PassThroughProp] = passthrough_prop( + OpenApiVersion: OpenApiVersion | None = properties("OpenApiVersion") + Domain: Domain | None = properties("Domain") + AlwaysDeploy: AlwaysDeploy | None = properties("AlwaysDeploy") + PropagateTags: bool | None = properties("PropagateTags") + SecurityPolicy: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "SecurityPolicy", ["AWS::ApiGateway::RestApi", "Properties", "SecurityPolicy"], ) + EndpointAccessMode: PassThroughProp | None = passthrough_prop( + PROPERTIES_STEM, + "EndpointAccessMode", + ["AWS::ApiGateway::RestApi", "Properties", "EndpointAccessMode"], + ) class Resource(ResourceAttributes): Type: Literal["AWS::Serverless::Api"] Properties: Properties - Connectors: Optional[Dict[str, EmbeddedConnector]] + Connectors: dict[str, EmbeddedConnector] | None diff --git a/samtranslator/internal/schema_source/aws_serverless_application.py b/samtranslator/internal/schema_source/aws_serverless_application.py index 7079ca17ca..8b93175225 100644 --- a/samtranslator/internal/schema_source/aws_serverless_application.py +++ b/samtranslator/internal/schema_source/aws_serverless_application.py @@ -1,6 +1,6 @@ from __future__ import annotations -from typing import Any, Dict, Literal, Optional, Union +from typing import Any, Literal, Union from samtranslator.internal.schema_source.common import ( BaseModel, @@ -24,18 +24,18 @@ class Location(BaseModel): class Properties(BaseModel): Location: Union[str, Location] = properties("Location") - NotificationARNs: Optional[PassThroughProp] = passthrough_prop( + NotificationARNs: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "NotificationARNs", ["AWS::CloudFormation::Stack", "Properties", "NotificationARNs"], ) - Parameters: Optional[PassThroughProp] = passthrough_prop( + Parameters: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "Parameters", ["AWS::CloudFormation::Stack", "Properties", "Parameters"], ) - Tags: Optional[Dict[str, Any]] = properties("Tags") - TimeoutInMinutes: Optional[PassThroughProp] = passthrough_prop( + Tags: dict[str, Any] | None = properties("Tags") + TimeoutInMinutes: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "TimeoutInMinutes", ["AWS::CloudFormation::Stack", "Properties", "TimeoutInMinutes"], diff --git a/samtranslator/internal/schema_source/aws_serverless_capacity_provider.py b/samtranslator/internal/schema_source/aws_serverless_capacity_provider.py index 9d9443eb05..28b504108c 100644 --- a/samtranslator/internal/schema_source/aws_serverless_capacity_provider.py +++ b/samtranslator/internal/schema_source/aws_serverless_capacity_provider.py @@ -1,6 +1,6 @@ from __future__ import annotations -from typing import List, Literal, Optional +from typing import Literal from samtranslator.internal.schema_source.common import ( BaseModel, @@ -25,35 +25,35 @@ class VpcConfig(BaseModel): # Optional list of security group IDs - supports intrinsic functions for dynamic references - SecurityGroupIds: Optional[SamIntrinsicable[List[SamIntrinsicable[str]]]] = vpcconfig("SecurityGroupIds") + SecurityGroupIds: SamIntrinsicable[list[SamIntrinsicable[str]]] | None = vpcconfig("SecurityGroupIds") # Required list of subnet IDs - supports intrinsic functions for dynamic VPC configuration - SubnetIds: SamIntrinsicable[List[SamIntrinsicable[str]]] = vpcconfig("SubnetIds") + SubnetIds: SamIntrinsicable[list[SamIntrinsicable[str]]] = vpcconfig("SubnetIds") class InstanceRequirements(BaseModel): # Optional list of CPU architectures - maps to CFN InstanceRequirements.Architecture - # Uses SamIntrinsicable[List[SamIntrinsicable[str]]] to support intrinsic functions like !Ref for both list and list item - Architectures: Optional[SamIntrinsicable[List[SamIntrinsicable[str]]]] = instancerequirements("Architectures") + # Uses SamIntrinsicable[list[SamIntrinsicable[str]]] to support intrinsic functions like !Ref for both list and list item + Architectures: SamIntrinsicable[list[SamIntrinsicable[str]]] | None = instancerequirements("Architectures") # Optional list of allowed EC2 instance types - maps to CFN InstanceRequirements.AllowedInstanceTypes - # Uses SamIntrinsicable[List[SamIntrinsicable[str]]] to support intrinsic functions like !Ref for both list and list item - AllowedTypes: Optional[SamIntrinsicable[List[SamIntrinsicable[str]]]] = instancerequirements("AllowedTypes") + # Uses SamIntrinsicable[list[SamIntrinsicable[str]]] to support intrinsic functions like !Ref for both list and list item + AllowedTypes: SamIntrinsicable[list[SamIntrinsicable[str]]] | None = instancerequirements("AllowedTypes") # Optional list of excluded EC2 instance types - maps to CFN InstanceRequirements.ExcludedInstanceTypes - # Uses SamIntrinsicable[List[SamIntrinsicable[str]]] to support intrinsic functions like !Ref for both list and list item - ExcludedTypes: Optional[SamIntrinsicable[List[SamIntrinsicable[str]]]] = instancerequirements("ExcludedTypes") + # Uses SamIntrinsicable[list[SamIntrinsicable[str]]] to support intrinsic functions like !Ref for both list and list item + ExcludedTypes: SamIntrinsicable[list[SamIntrinsicable[str]]] | None = instancerequirements("ExcludedTypes") class ScalingConfig(BaseModel): # Optional maximum instance count - maps to CFN CapacityProviderScalingConfig.MaxVCpuCount # Uses SamIntrinsicable[int] to support dynamic scaling limits via parameters/conditions - MaxVCpuCount: Optional[SamIntrinsicable[int]] = scalingconfig("MaxVCpuCount") + MaxVCpuCount: SamIntrinsicable[int] | None = scalingconfig("MaxVCpuCount") # Average CPU utilization target (0-100) - maps to CFN ScalingPolicies with CPU metric type # When specified, automatically sets ScalingMode to "Manual" # Uses SamIntrinsicable[float] to support dynamic scaling targets via parameters/conditions - AverageCPUUtilization: Optional[SamIntrinsicable[float]] = scalingconfig("AverageCPUUtilization") + AverageCPUUtilization: SamIntrinsicable[float] | None = scalingconfig("AverageCPUUtilization") class Properties(BaseModel): - CapacityProviderName: Optional[PassThroughProp] = passthrough_prop( + CapacityProviderName: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "CapacityProviderName", ["AWS::Lambda::CapacityProvider", "Properties", "CapacityProviderName"], @@ -64,25 +64,25 @@ class Properties(BaseModel): VpcConfig: VpcConfig = properties("VpcConfig") # Optional operator role ARN - if not provided, SAM auto-generates one with EC2 management permissions - OperatorRole: Optional[PassThroughProp] = properties("OperatorRole") + OperatorRole: PassThroughProp | None = properties("OperatorRole") # Optional tags - SAM transforms key-value pairs to CFN Tag objects before passing to CFN # Uses DictStrAny to support flexible tag structure with string keys and any values - Tags: Optional[DictStrAny] = properties("Tags") + Tags: DictStrAny | None = properties("Tags") # Optional flag to propagate tags to resources created by this capacity provider # When true, all tags defined on the capacity provider will be propagated to generated resources - PropagateTags: Optional[bool] = properties("PropagateTags") + PropagateTags: bool | None = properties("PropagateTags") # Optional instance requirements - maps to CFN InstanceRequirements with property name shortening # Uses custom InstanceRequirements class because SAM shortens names - InstanceRequirements: Optional[InstanceRequirements] = properties("InstanceRequirements") + InstanceRequirements: InstanceRequirements | None = properties("InstanceRequirements") # Optional scaling configuration - maps to CFN CapacityProviderScalingConfig # Uses custom ScalingConfig class because SAM renames construct (CapacityProviderScalingConfig→ScalingConfig) - ScalingConfig: Optional[ScalingConfig] = properties("ScalingConfig") + ScalingConfig: ScalingConfig | None = properties("ScalingConfig") - KmsKeyArn: Optional[PassThroughProp] = passthrough_prop( + KmsKeyArn: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "KmsKeyArn", ["AWS::Lambda::CapacityProvider", "Properties", "KmsKeyArn"], @@ -92,28 +92,28 @@ class Properties(BaseModel): class Globals(BaseModel): # Global VPC configuration - can be inherited by capacity providers if not overridden # Uses custom VpcConfig class to validate required SubnetIds while maintaining passthrough behavior - VpcConfig: Optional[VpcConfig] = properties("VpcConfig") + VpcConfig: VpcConfig | None = properties("VpcConfig") # Global operator role ARN - can be inherited by capacity providers if not overridden - OperatorRole: Optional[PassThroughProp] = properties("OperatorRole") + OperatorRole: PassThroughProp | None = properties("OperatorRole") # Global tags - can be inherited and merged with resource-specific tags # Uses DictStrAny to support flexible tag structure with string keys and any values - Tags: Optional[DictStrAny] = properties("Tags") + Tags: DictStrAny | None = properties("Tags") # Global flag to propagate tags to resources created by capacity providers # When true, all tags defined on capacity providers will be propagated to generated resources - PropagateTags: Optional[bool] = properties("PropagateTags") + PropagateTags: bool | None = properties("PropagateTags") # Global instance requirements - can be inherited by capacity providers if not overridden # Uses custom InstanceRequirements class because SAM shortens names - InstanceRequirements: Optional[InstanceRequirements] = properties("InstanceRequirements") + InstanceRequirements: InstanceRequirements | None = properties("InstanceRequirements") # Global scaling configuration - can be inherited by capacity providers if not overridden # Uses custom ScalingConfig class because SAM renames construct (CapacityProviderScalingConfig→ScalingConfig) - ScalingConfig: Optional[ScalingConfig] = properties("ScalingConfig") + ScalingConfig: ScalingConfig | None = properties("ScalingConfig") - KmsKeyArn: Optional[PassThroughProp] = passthrough_prop( + KmsKeyArn: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "KmsKeyArn", ["AWS::Lambda::CapacityProvider", "Properties", "KmsKeyArn"], diff --git a/samtranslator/internal/schema_source/aws_serverless_connector.py b/samtranslator/internal/schema_source/aws_serverless_connector.py index 76b596cb9e..f9319d2b87 100644 --- a/samtranslator/internal/schema_source/aws_serverless_connector.py +++ b/samtranslator/internal/schema_source/aws_serverless_connector.py @@ -1,4 +1,4 @@ -from typing import List, Literal, Optional, Union +from typing import Literal, Union from samtranslator.internal.schema_source.common import ( BaseModel, @@ -14,20 +14,20 @@ class ResourceReference(BaseModel): - Id: Optional[str] = resourcereference("Id") - Arn: Optional[PassThroughProp] = resourcereference("Arn") - Name: Optional[PassThroughProp] = resourcereference("Name") - Qualifier: Optional[PassThroughProp] = resourcereference("Qualifier") - QueueUrl: Optional[PassThroughProp] = resourcereference("QueueUrl") - ResourceId: Optional[PassThroughProp] = resourcereference("ResourceId") - RoleName: Optional[PassThroughProp] = resourcereference("RoleName") - Type: Optional[str] = resourcereference("Type") + Id: str | None = resourcereference("Id") + Arn: PassThroughProp | None = resourcereference("Arn") + Name: PassThroughProp | None = resourcereference("Name") + Qualifier: PassThroughProp | None = resourcereference("Qualifier") + QueueUrl: PassThroughProp | None = resourcereference("QueueUrl") + ResourceId: PassThroughProp | None = resourcereference("ResourceId") + RoleName: PassThroughProp | None = resourcereference("RoleName") + Type: str | None = resourcereference("Type") class Properties(BaseModel): Source: ResourceReference = properties("Source") - Destination: Union[ResourceReference, List[ResourceReference]] = properties("Destination") - Permissions: List[Literal["Read", "Write"]] = properties("Permissions") + Destination: Union[ResourceReference, list[ResourceReference]] = properties("Destination") + Permissions: list[Literal["Read", "Write"]] = properties("Permissions") class Resource(ResourceAttributes): @@ -36,12 +36,12 @@ class Resource(ResourceAttributes): class SourceReferenceProperties(BaseModel): - Qualifier: Optional[PassThroughProp] = sourcereference("Qualifier") + Qualifier: PassThroughProp | None = sourcereference("Qualifier") class EmbeddedConnectorProperties(BaseModel): - SourceReference: Optional[SourceReferenceProperties] = properties("SourceReference") - Destination: Union[ResourceReference, List[ResourceReference]] = properties("Destination") + SourceReference: SourceReferenceProperties | None = properties("SourceReference") + Destination: Union[ResourceReference, list[ResourceReference]] = properties("Destination") Permissions: PermissionsType = properties("Permissions") diff --git a/samtranslator/internal/schema_source/aws_serverless_function.py b/samtranslator/internal/schema_source/aws_serverless_function.py index cc35742864..811f37d1bf 100644 --- a/samtranslator/internal/schema_source/aws_serverless_function.py +++ b/samtranslator/internal/schema_source/aws_serverless_function.py @@ -1,6 +1,6 @@ from __future__ import annotations -from typing import Dict, List, Literal, Optional, Union +from typing import Literal, Union from samtranslator.internal.schema_source.aws_serverless_connector import EmbeddedConnector from samtranslator.internal.schema_source.common import ( @@ -59,42 +59,42 @@ class ResourcePolicy(BaseModel): - AwsAccountBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("AwsAccountBlacklist") - AwsAccountWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("AwsAccountWhitelist") - CustomStatements: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("CustomStatements") - IntrinsicVpcBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpcBlacklist") - IntrinsicVpcWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpcWhitelist") - IntrinsicVpceBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpceBlacklist") - IntrinsicVpceWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpceWhitelist") - IpRangeBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IpRangeBlacklist") - IpRangeWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IpRangeWhitelist") - SourceVpcBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("SourceVpcBlacklist") - SourceVpcWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("SourceVpcWhitelist") + AwsAccountBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("AwsAccountBlacklist") + AwsAccountWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("AwsAccountWhitelist") + CustomStatements: list[Union[str, DictStrAny]] | None = resourcepolicy("CustomStatements") + IntrinsicVpcBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpcBlacklist") + IntrinsicVpcWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpcWhitelist") + IntrinsicVpceBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpceBlacklist") + IntrinsicVpceWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpceWhitelist") + IpRangeBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("IpRangeBlacklist") + IpRangeWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("IpRangeWhitelist") + SourceVpcBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("SourceVpcBlacklist") + SourceVpcWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("SourceVpcWhitelist") class CodeUri(BaseModel): Bucket: SamIntrinsicable[str] = codeuri("Bucket") Key: SamIntrinsicable[str] = codeuri("Key") - Version: Optional[SamIntrinsicable[str]] = codeuri("Version") + Version: SamIntrinsicable[str] | None = codeuri("Version") class Hooks(BaseModel): - PostTraffic: Optional[SamIntrinsicable[str]] = hooks("PostTraffic") - PreTraffic: Optional[SamIntrinsicable[str]] = hooks("PreTraffic") + PostTraffic: SamIntrinsicable[str] | None = hooks("PostTraffic") + PreTraffic: SamIntrinsicable[str] | None = hooks("PreTraffic") class DeploymentPreference(BaseModel): - Alarms: Optional[SamIntrinsicable[List[DictStrAny]]] = deploymentpreference("Alarms") - Enabled: Optional[SamIntrinsicable[bool]] = deploymentpreference("Enabled") - Hooks: Optional[Hooks] = deploymentpreference("Hooks") - PassthroughCondition: Optional[SamIntrinsicable[bool]] = deploymentpreference("PassthroughCondition") - Role: Optional[SamIntrinsicable[str]] = deploymentpreference("Role") - TriggerConfigurations: Optional[PassThroughProp] = passthrough_prop( + Alarms: SamIntrinsicable[list[DictStrAny]] | None = deploymentpreference("Alarms") + Enabled: SamIntrinsicable[bool] | None = deploymentpreference("Enabled") + Hooks: Hooks | None = deploymentpreference("Hooks") + PassthroughCondition: SamIntrinsicable[bool] | None = deploymentpreference("PassthroughCondition") + Role: SamIntrinsicable[str] | None = deploymentpreference("Role") + TriggerConfigurations: PassThroughProp | None = passthrough_prop( DEPLOYMENT_PREFERENCE_STEM, "TriggerConfigurations", ["AWS::CodeDeploy::DeploymentGroup", "Properties", "TriggerConfigurations"], ) - Type: Optional[SamIntrinsicable[str]] = deploymentpreference( + Type: SamIntrinsicable[str] | None = deploymentpreference( "Type" ) # TODO: Should investigate whether this is a required field. This is a required field on documentation. However, we don't seem to use this field. @@ -105,30 +105,30 @@ class DeadLetterQueue(BaseModel): class EventInvokeOnFailure(BaseModel): - Destination: Optional[SamIntrinsicable[str]] = eventinvokeonfailure("Destination") - Type: Optional[Literal["SQS", "SNS", "Lambda", "EventBridge", "S3Bucket"]] = eventinvokeonfailure("Type") + Destination: SamIntrinsicable[str] | None = eventinvokeonfailure("Destination") + Type: Literal["SQS", "SNS", "Lambda", "EventBridge", "S3Bucket"] | None = eventinvokeonfailure("Type") class EventInvokeOnSuccess(BaseModel): - Destination: Optional[SamIntrinsicable[str]] = eventinvokeonsuccess("Destination") - Type: Optional[Literal["SQS", "SNS", "Lambda", "EventBridge", "S3Bucket"]] = eventinvokeonsuccess("Type") + Destination: SamIntrinsicable[str] | None = eventinvokeonsuccess("Destination") + Type: Literal["SQS", "SNS", "Lambda", "EventBridge", "S3Bucket"] | None = eventinvokeonsuccess("Type") class EventInvokeDestinationConfig(BaseModel): - OnFailure: Optional[EventInvokeOnFailure] = eventinvokedestinationconfig("OnFailure") - OnSuccess: Optional[EventInvokeOnSuccess] = eventinvokedestinationconfig("OnSuccess") + OnFailure: EventInvokeOnFailure | None = eventinvokedestinationconfig("OnFailure") + OnSuccess: EventInvokeOnSuccess | None = eventinvokedestinationconfig("OnSuccess") class EventInvokeConfig(BaseModel): - DestinationConfig: Optional[EventInvokeDestinationConfig] = eventinvokeconfig("DestinationConfig") - MaximumEventAgeInSeconds: Optional[int] = eventinvokeconfig("MaximumEventAgeInSeconds") - MaximumRetryAttempts: Optional[int] = eventinvokeconfig("MaximumRetryAttempts") + DestinationConfig: EventInvokeDestinationConfig | None = eventinvokeconfig("DestinationConfig") + MaximumEventAgeInSeconds: int | None = eventinvokeconfig("MaximumEventAgeInSeconds") + MaximumRetryAttempts: int | None = eventinvokeconfig("MaximumRetryAttempts") class S3EventProperties(BaseModel): Bucket: SamIntrinsicable[str] = s3eventproperties("Bucket") Events: PassThroughProp = s3eventproperties("Events") - Filter: Optional[PassThroughProp] = s3eventproperties("Filter") + Filter: PassThroughProp | None = s3eventproperties("Filter") class S3Event(BaseModel): @@ -137,22 +137,22 @@ class S3Event(BaseModel): class SqsSubscription(BaseModel): - BatchSize: Optional[SamIntrinsicable[str]] = sqssubscription("BatchSize") - Enabled: Optional[bool] = sqssubscription("Enabled") + BatchSize: SamIntrinsicable[str] | None = sqssubscription("BatchSize") + Enabled: bool | None = sqssubscription("Enabled") QueueArn: SamIntrinsicable[str] = sqssubscription("QueueArn") - QueuePolicyLogicalId: Optional[str] = sqssubscription("QueuePolicyLogicalId") + QueuePolicyLogicalId: str | None = sqssubscription("QueuePolicyLogicalId") QueueUrl: SamIntrinsicable[str] = sqssubscription("QueueUrl") class SNSEventProperties(BaseModel): - FilterPolicy: Optional[PassThroughProp] = snseventproperties("FilterPolicy") - FilterPolicyScope: Optional[PassThroughProp] = passthrough_prop( + FilterPolicy: PassThroughProp | None = snseventproperties("FilterPolicy") + FilterPolicyScope: PassThroughProp | None = passthrough_prop( "sam-property-function-sns", "FilterPolicyScope", ["AWS::SNS::Subscription", "Properties", "FilterPolicyScope"], ) - Region: Optional[PassThroughProp] = snseventproperties("Region") - SqsSubscription: Optional[Union[bool, SqsSubscription]] = snseventproperties("SqsSubscription") + Region: PassThroughProp | None = snseventproperties("Region") + SqsSubscription: Union[bool, SqsSubscription] | None = snseventproperties("SqsSubscription") Topic: PassThroughProp = snseventproperties("Topic") @@ -163,31 +163,31 @@ class SNSEvent(BaseModel): class FunctionUrlConfig(BaseModel): AuthType: SamIntrinsicable[str] = functionurlconfig("AuthType") - Cors: Optional[PassThroughProp] = functionurlconfig("Cors") - InvokeMode: Optional[PassThroughProp] = functionurlconfig("InvokeMode") + Cors: PassThroughProp | None = functionurlconfig("Cors") + InvokeMode: PassThroughProp | None = functionurlconfig("InvokeMode") class KinesisEventProperties(BaseModel): - BatchSize: Optional[PassThroughProp] = kinesiseventproperties("BatchSize") - BisectBatchOnFunctionError: Optional[PassThroughProp] = kinesiseventproperties("BisectBatchOnFunctionError") - DestinationConfig: Optional[PassThroughProp] = kinesiseventproperties("DestinationConfig") - Enabled: Optional[PassThroughProp] = kinesiseventproperties("Enabled") - FilterCriteria: Optional[PassThroughProp] = kinesiseventproperties("FilterCriteria") - FunctionResponseTypes: Optional[PassThroughProp] = kinesiseventproperties("FunctionResponseTypes") - KmsKeyArn: Optional[PassThroughProp] = passthrough_prop( + BatchSize: PassThroughProp | None = kinesiseventproperties("BatchSize") + BisectBatchOnFunctionError: PassThroughProp | None = kinesiseventproperties("BisectBatchOnFunctionError") + DestinationConfig: PassThroughProp | None = kinesiseventproperties("DestinationConfig") + Enabled: PassThroughProp | None = kinesiseventproperties("Enabled") + FilterCriteria: PassThroughProp | None = kinesiseventproperties("FilterCriteria") + FunctionResponseTypes: PassThroughProp | None = kinesiseventproperties("FunctionResponseTypes") + KmsKeyArn: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "KmsKeyArn", ["AWS::Lambda::EventSourceMapping", "Properties", "KmsKeyArn"], ) - MaximumBatchingWindowInSeconds: Optional[PassThroughProp] = kinesiseventproperties("MaximumBatchingWindowInSeconds") - MaximumRecordAgeInSeconds: Optional[PassThroughProp] = kinesiseventproperties("MaximumRecordAgeInSeconds") - MaximumRetryAttempts: Optional[PassThroughProp] = kinesiseventproperties("MaximumRetryAttempts") - ParallelizationFactor: Optional[PassThroughProp] = kinesiseventproperties("ParallelizationFactor") - StartingPosition: Optional[PassThroughProp] = kinesiseventproperties("StartingPosition") - StartingPositionTimestamp: Optional[PassThroughProp] = kinesiseventproperties("StartingPositionTimestamp") + MaximumBatchingWindowInSeconds: PassThroughProp | None = kinesiseventproperties("MaximumBatchingWindowInSeconds") + MaximumRecordAgeInSeconds: PassThroughProp | None = kinesiseventproperties("MaximumRecordAgeInSeconds") + MaximumRetryAttempts: PassThroughProp | None = kinesiseventproperties("MaximumRetryAttempts") + ParallelizationFactor: PassThroughProp | None = kinesiseventproperties("ParallelizationFactor") + StartingPosition: PassThroughProp | None = kinesiseventproperties("StartingPosition") + StartingPositionTimestamp: PassThroughProp | None = kinesiseventproperties("StartingPositionTimestamp") Stream: PassThroughProp = kinesiseventproperties("Stream") - TumblingWindowInSeconds: Optional[PassThroughProp] = kinesiseventproperties("TumblingWindowInSeconds") - MetricsConfig: Optional[PassThroughProp] + TumblingWindowInSeconds: PassThroughProp | None = kinesiseventproperties("TumblingWindowInSeconds") + MetricsConfig: PassThroughProp | None class KinesisEvent(BaseModel): @@ -196,28 +196,26 @@ class KinesisEvent(BaseModel): class DynamoDBEventProperties(BaseModel): - BatchSize: Optional[PassThroughProp] = dynamodbeventproperties("BatchSize") - BisectBatchOnFunctionError: Optional[PassThroughProp] = dynamodbeventproperties("BisectBatchOnFunctionError") - DestinationConfig: Optional[PassThroughProp] = dynamodbeventproperties("DestinationConfig") - Enabled: Optional[PassThroughProp] = dynamodbeventproperties("Enabled") - FilterCriteria: Optional[PassThroughProp] = dynamodbeventproperties("FilterCriteria") - FunctionResponseTypes: Optional[PassThroughProp] = dynamodbeventproperties("FunctionResponseTypes") - KmsKeyArn: Optional[PassThroughProp] = passthrough_prop( + BatchSize: PassThroughProp | None = dynamodbeventproperties("BatchSize") + BisectBatchOnFunctionError: PassThroughProp | None = dynamodbeventproperties("BisectBatchOnFunctionError") + DestinationConfig: PassThroughProp | None = dynamodbeventproperties("DestinationConfig") + Enabled: PassThroughProp | None = dynamodbeventproperties("Enabled") + FilterCriteria: PassThroughProp | None = dynamodbeventproperties("FilterCriteria") + FunctionResponseTypes: PassThroughProp | None = dynamodbeventproperties("FunctionResponseTypes") + KmsKeyArn: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "KmsKeyArn", ["AWS::Lambda::EventSourceMapping", "Properties", "KmsKeyArn"], ) - MaximumBatchingWindowInSeconds: Optional[PassThroughProp] = dynamodbeventproperties( - "MaximumBatchingWindowInSeconds" - ) - MaximumRecordAgeInSeconds: Optional[PassThroughProp] = dynamodbeventproperties("MaximumRecordAgeInSeconds") - MaximumRetryAttempts: Optional[PassThroughProp] = dynamodbeventproperties("MaximumRetryAttempts") - ParallelizationFactor: Optional[PassThroughProp] = dynamodbeventproperties("ParallelizationFactor") - StartingPosition: Optional[PassThroughProp] = dynamodbeventproperties("StartingPosition") - StartingPositionTimestamp: Optional[PassThroughProp] = dynamodbeventproperties("StartingPositionTimestamp") + MaximumBatchingWindowInSeconds: PassThroughProp | None = dynamodbeventproperties("MaximumBatchingWindowInSeconds") + MaximumRecordAgeInSeconds: PassThroughProp | None = dynamodbeventproperties("MaximumRecordAgeInSeconds") + MaximumRetryAttempts: PassThroughProp | None = dynamodbeventproperties("MaximumRetryAttempts") + ParallelizationFactor: PassThroughProp | None = dynamodbeventproperties("ParallelizationFactor") + StartingPosition: PassThroughProp | None = dynamodbeventproperties("StartingPosition") + StartingPositionTimestamp: PassThroughProp | None = dynamodbeventproperties("StartingPositionTimestamp") Stream: PassThroughProp = dynamodbeventproperties("Stream") - TumblingWindowInSeconds: Optional[PassThroughProp] = dynamodbeventproperties("TumblingWindowInSeconds") - MetricsConfig: Optional[PassThroughProp] + TumblingWindowInSeconds: PassThroughProp | None = dynamodbeventproperties("TumblingWindowInSeconds") + MetricsConfig: PassThroughProp | None class DynamoDBEvent(BaseModel): @@ -226,25 +224,23 @@ class DynamoDBEvent(BaseModel): class DocumentDBEventProperties(BaseModel): - BatchSize: Optional[PassThroughProp] = documentdbeventproperties("BatchSize") + BatchSize: PassThroughProp | None = documentdbeventproperties("BatchSize") Cluster: PassThroughProp = documentdbeventproperties("Cluster") - CollectionName: Optional[PassThroughProp] = documentdbeventproperties("CollectionName") + CollectionName: PassThroughProp | None = documentdbeventproperties("CollectionName") DatabaseName: PassThroughProp = documentdbeventproperties("DatabaseName") - Enabled: Optional[PassThroughProp] = documentdbeventproperties("Enabled") - FilterCriteria: Optional[PassThroughProp] = documentdbeventproperties("FilterCriteria") - FullDocument: Optional[PassThroughProp] = documentdbeventproperties("FullDocument") - KmsKeyArn: Optional[PassThroughProp] = passthrough_prop( + Enabled: PassThroughProp | None = documentdbeventproperties("Enabled") + FilterCriteria: PassThroughProp | None = documentdbeventproperties("FilterCriteria") + FullDocument: PassThroughProp | None = documentdbeventproperties("FullDocument") + KmsKeyArn: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "KmsKeyArn", ["AWS::Lambda::EventSourceMapping", "Properties", "KmsKeyArn"], ) - MaximumBatchingWindowInSeconds: Optional[PassThroughProp] = documentdbeventproperties( - "MaximumBatchingWindowInSeconds" - ) - SecretsManagerKmsKeyId: Optional[str] = documentdbeventproperties("SecretsManagerKmsKeyId") + MaximumBatchingWindowInSeconds: PassThroughProp | None = documentdbeventproperties("MaximumBatchingWindowInSeconds") + SecretsManagerKmsKeyId: str | None = documentdbeventproperties("SecretsManagerKmsKeyId") SourceAccessConfigurations: PassThroughProp = documentdbeventproperties("SourceAccessConfigurations") - StartingPosition: Optional[PassThroughProp] = documentdbeventproperties("StartingPosition") - StartingPositionTimestamp: Optional[PassThroughProp] = documentdbeventproperties("StartingPositionTimestamp") + StartingPosition: PassThroughProp | None = documentdbeventproperties("StartingPosition") + StartingPositionTimestamp: PassThroughProp | None = documentdbeventproperties("StartingPositionTimestamp") class DocumentDBEvent(BaseModel): @@ -253,15 +249,15 @@ class DocumentDBEvent(BaseModel): class SQSEventProperties(BaseModel): - BatchSize: Optional[PassThroughProp] = sqseventproperties("BatchSize") - Enabled: Optional[PassThroughProp] = sqseventproperties("Enabled") - FilterCriteria: Optional[PassThroughProp] = sqseventproperties("FilterCriteria") - FunctionResponseTypes: Optional[PassThroughProp] = sqseventproperties("FunctionResponseTypes") - KmsKeyArn: Optional[PassThroughProp] = sqseventproperties("KmsKeyArn") - MaximumBatchingWindowInSeconds: Optional[PassThroughProp] = sqseventproperties("MaximumBatchingWindowInSeconds") + BatchSize: PassThroughProp | None = sqseventproperties("BatchSize") + Enabled: PassThroughProp | None = sqseventproperties("Enabled") + FilterCriteria: PassThroughProp | None = sqseventproperties("FilterCriteria") + FunctionResponseTypes: PassThroughProp | None = sqseventproperties("FunctionResponseTypes") + KmsKeyArn: PassThroughProp | None = sqseventproperties("KmsKeyArn") + MaximumBatchingWindowInSeconds: PassThroughProp | None = sqseventproperties("MaximumBatchingWindowInSeconds") Queue: PassThroughProp = sqseventproperties("Queue") - ScalingConfig: Optional[PassThroughProp] # Update docs when live - MetricsConfig: Optional[PassThroughProp] + ScalingConfig: PassThroughProp | None # Update docs when live + MetricsConfig: PassThroughProp | None class SQSEvent(BaseModel): @@ -270,45 +266,45 @@ class SQSEvent(BaseModel): class ApiAuth(BaseModel): - ApiKeyRequired: Optional[bool] = apiauth("ApiKeyRequired") - AuthorizationScopes: Optional[List[str]] = apiauth("AuthorizationScopes") - Authorizer: Optional[str] = apiauth("Authorizer") - InvokeRole: Optional[SamIntrinsicable[str]] = apiauth("InvokeRole") - ResourcePolicy: Optional[ResourcePolicy] = apiauth("ResourcePolicy") + ApiKeyRequired: bool | None = apiauth("ApiKeyRequired") + AuthorizationScopes: list[str] | None = apiauth("AuthorizationScopes") + Authorizer: str | None = apiauth("Authorizer") + InvokeRole: SamIntrinsicable[str] | None = apiauth("InvokeRole") + ResourcePolicy: ResourcePolicy | None = apiauth("ResourcePolicy") # TODO explicitly mention in docs that intrinsics are not supported for OverrideApiAuth - OverrideApiAuth: Optional[bool] = apiauth("OverrideApiAuth") + OverrideApiAuth: bool | None = apiauth("OverrideApiAuth") class RequestModel(BaseModel): Model: str = requestmodel("Model") - Required: Optional[bool] = requestmodel("Required") - ValidateBody: Optional[bool] = requestmodel("ValidateBody") - ValidateParameters: Optional[bool] = requestmodel("ValidateParameters") + Required: bool | None = requestmodel("Required") + ValidateBody: bool | None = requestmodel("ValidateBody") + ValidateParameters: bool | None = requestmodel("ValidateParameters") class RequestParameters(BaseModel): - Caching: Optional[bool] = requestparameters("Caching") - Required: Optional[bool] = requestparameters("Required") + Caching: bool | None = requestparameters("Caching") + Required: bool | None = requestparameters("Required") # TODO: docs says either str or RequestParameter but implementation is an array of str or RequestParameter # remove this comment once updated documentation -RequestModelProperty = List[Union[str, Dict[str, RequestParameters]]] +RequestModelProperty = list[Union[str, dict[str, RequestParameters]]] class ApiEventProperties(BaseModel): - Auth: Optional[ApiAuth] = apieventproperties("Auth") + Auth: ApiAuth | None = apieventproperties("Auth") Method: str = apieventproperties("Method") Path: str = apieventproperties("Path") - RequestModel: Optional[RequestModel] = apieventproperties("RequestModel") - RequestParameters: Optional[RequestModelProperty] = apieventproperties("RequestParameters") - RestApiId: Optional[Union[str, Ref]] = apieventproperties("RestApiId") - TimeoutInMillis: Optional[PassThroughProp] = passthrough_prop( + RequestModel: RequestModel | None = apieventproperties("RequestModel") + RequestParameters: RequestModelProperty | None = apieventproperties("RequestParameters") + RestApiId: Union[str, Ref] | None = apieventproperties("RestApiId") + TimeoutInMillis: PassThroughProp | None = passthrough_prop( "sam-property-function-api", "TimeoutInMillis", ["AWS::ApiGateway::Method.Integration", "TimeoutInMillis"], ) - ResponseTransferMode: Optional[PassThroughProp] = apieventproperties("ResponseTransferMode") + ResponseTransferMode: PassThroughProp | None = apieventproperties("ResponseTransferMode") class ApiEvent(BaseModel): @@ -317,12 +313,12 @@ class ApiEvent(BaseModel): class CloudWatchEventProperties(BaseModel): - Enabled: Optional[bool] = cloudwatcheventproperties("Enabled") - EventBusName: Optional[PassThroughProp] = cloudwatcheventproperties("EventBusName") - Input: Optional[PassThroughProp] = cloudwatcheventproperties("Input") - InputPath: Optional[PassThroughProp] = cloudwatcheventproperties("InputPath") - Pattern: Optional[PassThroughProp] = cloudwatcheventproperties("Pattern") - State: Optional[PassThroughProp] = cloudwatcheventproperties("State") + Enabled: bool | None = cloudwatcheventproperties("Enabled") + EventBusName: PassThroughProp | None = cloudwatcheventproperties("EventBusName") + Input: PassThroughProp | None = cloudwatcheventproperties("Input") + InputPath: PassThroughProp | None = cloudwatcheventproperties("InputPath") + Pattern: PassThroughProp | None = cloudwatcheventproperties("Pattern") + State: PassThroughProp | None = cloudwatcheventproperties("State") class CloudWatchEvent(BaseModel): @@ -331,20 +327,20 @@ class CloudWatchEvent(BaseModel): class DeadLetterConfig(BaseModel): - Arn: Optional[PassThroughProp] = deadletterconfig("Arn") - QueueLogicalId: Optional[str] = deadletterconfig("QueueLogicalId") - Type: Optional[Literal["SQS"]] = deadletterconfig("Type") + Arn: PassThroughProp | None = deadletterconfig("Arn") + QueueLogicalId: str | None = deadletterconfig("QueueLogicalId") + Type: Literal["SQS"] | None = deadletterconfig("Type") class EventsScheduleProperties(BaseModel): - DeadLetterConfig: Optional[DeadLetterConfig] = eventsscheduleproperties("DeadLetterConfig") - Description: Optional[PassThroughProp] = eventsscheduleproperties("Description") - Enabled: Optional[bool] = eventsscheduleproperties("Enabled") - Input: Optional[PassThroughProp] = eventsscheduleproperties("Input") - Name: Optional[PassThroughProp] = eventsscheduleproperties("Name") - RetryPolicy: Optional[PassThroughProp] = eventsscheduleproperties("RetryPolicy") - Schedule: Optional[PassThroughProp] = eventsscheduleproperties("Schedule") - State: Optional[PassThroughProp] = eventsscheduleproperties("State") + DeadLetterConfig: DeadLetterConfig | None = eventsscheduleproperties("DeadLetterConfig") + Description: PassThroughProp | None = eventsscheduleproperties("Description") + Enabled: bool | None = eventsscheduleproperties("Enabled") + Input: PassThroughProp | None = eventsscheduleproperties("Input") + Name: PassThroughProp | None = eventsscheduleproperties("Name") + RetryPolicy: PassThroughProp | None = eventsscheduleproperties("RetryPolicy") + Schedule: PassThroughProp | None = eventsscheduleproperties("Schedule") + State: PassThroughProp | None = eventsscheduleproperties("State") class ScheduleEvent(BaseModel): @@ -357,15 +353,15 @@ class EventBridgeRuleTarget(BaseModel): class EventBridgeRuleEventProperties(BaseModel): - DeadLetterConfig: Optional[DeadLetterConfig] = eventbridgeruleeventproperties("DeadLetterConfig") - EventBusName: Optional[PassThroughProp] = eventbridgeruleeventproperties("EventBusName") - Input: Optional[PassThroughProp] = eventbridgeruleeventproperties("Input") - InputPath: Optional[PassThroughProp] = eventbridgeruleeventproperties("InputPath") + DeadLetterConfig: DeadLetterConfig | None = eventbridgeruleeventproperties("DeadLetterConfig") + EventBusName: PassThroughProp | None = eventbridgeruleeventproperties("EventBusName") + Input: PassThroughProp | None = eventbridgeruleeventproperties("Input") + InputPath: PassThroughProp | None = eventbridgeruleeventproperties("InputPath") Pattern: PassThroughProp = eventbridgeruleeventproperties("Pattern") - RetryPolicy: Optional[PassThroughProp] = eventbridgeruleeventproperties("RetryPolicy") - Target: Optional[EventBridgeRuleTarget] = eventbridgeruleeventproperties("Target") - InputTransformer: Optional[PassThroughProp] = eventbridgeruleeventproperties("InputTransformer") - RuleName: Optional[PassThroughProp] = eventbridgeruleeventproperties("RuleName") + RetryPolicy: PassThroughProp | None = eventbridgeruleeventproperties("RetryPolicy") + Target: EventBridgeRuleTarget | None = eventbridgeruleeventproperties("Target") + InputTransformer: PassThroughProp | None = eventbridgeruleeventproperties("InputTransformer") + RuleName: PassThroughProp | None = eventbridgeruleeventproperties("RuleName") class EventBridgeRuleEvent(BaseModel): @@ -384,7 +380,7 @@ class CloudWatchLogsEvent(BaseModel): class IoTRuleEventProperties(BaseModel): - AwsIotSqlVersion: Optional[PassThroughProp] = iotruleeventproperties("AwsIotSqlVersion") + AwsIotSqlVersion: PassThroughProp | None = iotruleeventproperties("AwsIotSqlVersion") Sql: PassThroughProp = iotruleeventproperties("Sql") @@ -394,12 +390,12 @@ class IoTRuleEvent(BaseModel): class AlexaSkillEventProperties(BaseModel): - SkillId: Optional[str] = alexaskilleventproperties("SkillId") + SkillId: str | None = alexaskilleventproperties("SkillId") class AlexaSkillEvent(BaseModel): Type: Literal["AlexaSkill"] = event("Type") - Properties: Optional[AlexaSkillEventProperties] = event("Properties") + Properties: AlexaSkillEventProperties | None = event("Properties") class CognitoEventProperties(BaseModel): @@ -413,58 +409,58 @@ class CognitoEvent(BaseModel): class HttpApiAuth(BaseModel): - AuthorizationScopes: Optional[List[str]] = httpapiauth("AuthorizationScopes") - Authorizer: Optional[str] = httpapiauth("Authorizer") + AuthorizationScopes: list[str] | None = httpapiauth("AuthorizationScopes") + Authorizer: str | None = httpapiauth("Authorizer") class HttpApiEventProperties(BaseModel): - ApiId: Optional[SamIntrinsicable[str]] = httpapieventproperties("ApiId") - Auth: Optional[HttpApiAuth] = httpapieventproperties("Auth") - Method: Optional[str] = httpapieventproperties("Method") - Path: Optional[str] = httpapieventproperties("Path") - PayloadFormatVersion: Optional[SamIntrinsicable[str]] = httpapieventproperties("PayloadFormatVersion") - RouteSettings: Optional[PassThroughProp] = httpapieventproperties("RouteSettings") - TimeoutInMillis: Optional[SamIntrinsicable[int]] = httpapieventproperties("TimeoutInMillis") + ApiId: SamIntrinsicable[str] | None = httpapieventproperties("ApiId") + Auth: HttpApiAuth | None = httpapieventproperties("Auth") + Method: str | None = httpapieventproperties("Method") + Path: str | None = httpapieventproperties("Path") + PayloadFormatVersion: SamIntrinsicable[str] | None = httpapieventproperties("PayloadFormatVersion") + RouteSettings: PassThroughProp | None = httpapieventproperties("RouteSettings") + TimeoutInMillis: SamIntrinsicable[int] | None = httpapieventproperties("TimeoutInMillis") class HttpApiEvent(BaseModel): Type: Literal["HttpApi"] = event("Type") - Properties: Optional[HttpApiEventProperties] = event("Properties") + Properties: HttpApiEventProperties | None = event("Properties") class MSKEventProperties(BaseModel): - BatchSize: Optional[PassThroughProp] = passthrough_prop( + BatchSize: PassThroughProp | None = passthrough_prop( "sam-property-function-msk", "BatchSize", ["AWS::Lambda::EventSourceMapping", "Properties", "BatchSize"], ) - ConsumerGroupId: Optional[PassThroughProp] = mskeventproperties("ConsumerGroupId") - Enabled: Optional[PassThroughProp] = passthrough_prop( + ConsumerGroupId: PassThroughProp | None = mskeventproperties("ConsumerGroupId") + Enabled: PassThroughProp | None = passthrough_prop( "sam-property-function-msk", "Enabled", ["AWS::Lambda::EventSourceMapping", "Properties", "Enabled"], ) - FilterCriteria: Optional[PassThroughProp] = mskeventproperties("FilterCriteria") - KmsKeyArn: Optional[PassThroughProp] = mskeventproperties("KmsKeyArn") - MaximumBatchingWindowInSeconds: Optional[PassThroughProp] = mskeventproperties("MaximumBatchingWindowInSeconds") - StartingPosition: Optional[PassThroughProp] = mskeventproperties("StartingPosition") - StartingPositionTimestamp: Optional[PassThroughProp] = mskeventproperties("StartingPositionTimestamp") + FilterCriteria: PassThroughProp | None = mskeventproperties("FilterCriteria") + KmsKeyArn: PassThroughProp | None = mskeventproperties("KmsKeyArn") + MaximumBatchingWindowInSeconds: PassThroughProp | None = mskeventproperties("MaximumBatchingWindowInSeconds") + StartingPosition: PassThroughProp | None = mskeventproperties("StartingPosition") + StartingPositionTimestamp: PassThroughProp | None = mskeventproperties("StartingPositionTimestamp") Stream: PassThroughProp = mskeventproperties("Stream") Topics: PassThroughProp = mskeventproperties("Topics") - SourceAccessConfigurations: Optional[PassThroughProp] = mskeventproperties("SourceAccessConfigurations") - DestinationConfig: Optional[PassThroughProp] = passthrough_prop( + SourceAccessConfigurations: PassThroughProp | None = mskeventproperties("SourceAccessConfigurations") + DestinationConfig: PassThroughProp | None = passthrough_prop( "sam-property-function-msk", "DestinationConfig", ["AWS::Lambda::EventSourceMapping", "Properties", "DestinationConfig"], ) - ProvisionedPollerConfig: Optional[PassThroughProp] = mskeventproperties("ProvisionedPollerConfig") - SchemaRegistryConfig: Optional[PassThroughProp] = mskeventproperties("SchemaRegistryConfig") - MetricsConfig: Optional[PassThroughProp] = mskeventproperties("MetricsConfig") - LoggingConfig: Optional[PassThroughProp] = mskeventproperties("LoggingConfig") - BisectBatchOnFunctionError: Optional[PassThroughProp] = mskeventproperties("BisectBatchOnFunctionError") - FunctionResponseTypes: Optional[PassThroughProp] = mskeventproperties("FunctionResponseTypes") - MaximumRecordAgeInSeconds: Optional[PassThroughProp] = mskeventproperties("MaximumRecordAgeInSeconds") - MaximumRetryAttempts: Optional[PassThroughProp] = mskeventproperties("MaximumRetryAttempts") + ProvisionedPollerConfig: PassThroughProp | None = mskeventproperties("ProvisionedPollerConfig") + SchemaRegistryConfig: PassThroughProp | None = mskeventproperties("SchemaRegistryConfig") + MetricsConfig: PassThroughProp | None = mskeventproperties("MetricsConfig") + LoggingConfig: PassThroughProp | None = mskeventproperties("LoggingConfig") + BisectBatchOnFunctionError: PassThroughProp | None = mskeventproperties("BisectBatchOnFunctionError") + FunctionResponseTypes: PassThroughProp | None = mskeventproperties("FunctionResponseTypes") + MaximumRecordAgeInSeconds: PassThroughProp | None = mskeventproperties("MaximumRecordAgeInSeconds") + MaximumRetryAttempts: PassThroughProp | None = mskeventproperties("MaximumRetryAttempts") class MSKEvent(BaseModel): @@ -473,19 +469,19 @@ class MSKEvent(BaseModel): class MQEventProperties(BaseModel): - BatchSize: Optional[PassThroughProp] = mqeventproperties("BatchSize") + BatchSize: PassThroughProp | None = mqeventproperties("BatchSize") Broker: PassThroughProp = mqeventproperties("Broker") - DynamicPolicyName: Optional[bool] = mqeventproperties("DynamicPolicyName") - Enabled: Optional[PassThroughProp] = mqeventproperties("Enabled") - FilterCriteria: Optional[PassThroughProp] = mqeventproperties("FilterCriteria") - KmsKeyArn: Optional[PassThroughProp] = passthrough_prop( + DynamicPolicyName: bool | None = mqeventproperties("DynamicPolicyName") + Enabled: PassThroughProp | None = mqeventproperties("Enabled") + FilterCriteria: PassThroughProp | None = mqeventproperties("FilterCriteria") + KmsKeyArn: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "KmsKeyArn", ["AWS::Lambda::EventSourceMapping", "Properties", "KmsKeyArn"], ) - MaximumBatchingWindowInSeconds: Optional[PassThroughProp] = mqeventproperties("MaximumBatchingWindowInSeconds") + MaximumBatchingWindowInSeconds: PassThroughProp | None = mqeventproperties("MaximumBatchingWindowInSeconds") Queues: PassThroughProp = mqeventproperties("Queues") - SecretsManagerKmsKeyId: Optional[str] = mqeventproperties("SecretsManagerKmsKeyId") + SecretsManagerKmsKeyId: str | None = mqeventproperties("SecretsManagerKmsKeyId") SourceAccessConfigurations: PassThroughProp = mqeventproperties("SourceAccessConfigurations") @@ -495,32 +491,28 @@ class MQEvent(BaseModel): class SelfManagedKafkaEventProperties(BaseModel): - BatchSize: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("BatchSize") - ConsumerGroupId: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("ConsumerGroupId") - Enabled: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("Enabled") - FilterCriteria: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("FilterCriteria") - KafkaBootstrapServers: Optional[List[SamIntrinsicable[str]]] = selfmanagedkafkaeventproperties( - "KafkaBootstrapServers" - ) - KmsKeyArn: Optional[PassThroughProp] = passthrough_prop( + BatchSize: PassThroughProp | None = selfmanagedkafkaeventproperties("BatchSize") + ConsumerGroupId: PassThroughProp | None = selfmanagedkafkaeventproperties("ConsumerGroupId") + Enabled: PassThroughProp | None = selfmanagedkafkaeventproperties("Enabled") + FilterCriteria: PassThroughProp | None = selfmanagedkafkaeventproperties("FilterCriteria") + KafkaBootstrapServers: list[SamIntrinsicable[str]] | None = selfmanagedkafkaeventproperties("KafkaBootstrapServers") + KmsKeyArn: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "KmsKeyArn", ["AWS::Lambda::EventSourceMapping", "Properties", "KmsKeyArn"], ) SourceAccessConfigurations: PassThroughProp = selfmanagedkafkaeventproperties("SourceAccessConfigurations") - StartingPosition: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("StartingPosition") - StartingPositionTimestamp: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("StartingPositionTimestamp") + StartingPosition: PassThroughProp | None = selfmanagedkafkaeventproperties("StartingPosition") + StartingPositionTimestamp: PassThroughProp | None = selfmanagedkafkaeventproperties("StartingPositionTimestamp") Topics: PassThroughProp = selfmanagedkafkaeventproperties("Topics") - MetricsConfig: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("MetricsConfig") - ProvisionedPollerConfig: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("ProvisionedPollerConfig") - SchemaRegistryConfig: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("SchemaRegistryConfig") - LoggingConfig: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("LoggingConfig") - BisectBatchOnFunctionError: Optional[PassThroughProp] = selfmanagedkafkaeventproperties( - "BisectBatchOnFunctionError" - ) - MaximumRecordAgeInSeconds: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("MaximumRecordAgeInSeconds") - MaximumRetryAttempts: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("MaximumRetryAttempts") - FunctionResponseTypes: Optional[PassThroughProp] = selfmanagedkafkaeventproperties("FunctionResponseTypes") + MetricsConfig: PassThroughProp | None = selfmanagedkafkaeventproperties("MetricsConfig") + ProvisionedPollerConfig: PassThroughProp | None = selfmanagedkafkaeventproperties("ProvisionedPollerConfig") + SchemaRegistryConfig: PassThroughProp | None = selfmanagedkafkaeventproperties("SchemaRegistryConfig") + LoggingConfig: PassThroughProp | None = selfmanagedkafkaeventproperties("LoggingConfig") + BisectBatchOnFunctionError: PassThroughProp | None = selfmanagedkafkaeventproperties("BisectBatchOnFunctionError") + MaximumRecordAgeInSeconds: PassThroughProp | None = selfmanagedkafkaeventproperties("MaximumRecordAgeInSeconds") + MaximumRetryAttempts: PassThroughProp | None = selfmanagedkafkaeventproperties("MaximumRetryAttempts") + FunctionResponseTypes: PassThroughProp | None = selfmanagedkafkaeventproperties("FunctionResponseTypes") class SelfManagedKafkaEvent(BaseModel): @@ -530,23 +522,23 @@ class SelfManagedKafkaEvent(BaseModel): # TODO: Same as ScheduleV2EventProperties in state machine? class ScheduleV2EventProperties(BaseModel): - DeadLetterConfig: Optional[DeadLetterConfig] = schedulev2eventproperties("DeadLetterConfig") - Description: Optional[PassThroughProp] = schedulev2eventproperties("Description") - EndDate: Optional[PassThroughProp] = schedulev2eventproperties("EndDate") - FlexibleTimeWindow: Optional[PassThroughProp] = schedulev2eventproperties("FlexibleTimeWindow") - GroupName: Optional[PassThroughProp] = schedulev2eventproperties("GroupName") - Input: Optional[PassThroughProp] = schedulev2eventproperties("Input") - KmsKeyArn: Optional[PassThroughProp] = schedulev2eventproperties("KmsKeyArn") - Name: Optional[PassThroughProp] = schedulev2eventproperties("Name") - PermissionsBoundary: Optional[PassThroughProp] = schedulev2eventproperties("PermissionsBoundary") - RetryPolicy: Optional[PassThroughProp] = schedulev2eventproperties("RetryPolicy") - RoleArn: Optional[PassThroughProp] = schedulev2eventproperties("RoleArn") - ScheduleExpression: Optional[PassThroughProp] = schedulev2eventproperties("ScheduleExpression") - ScheduleExpressionTimezone: Optional[PassThroughProp] = schedulev2eventproperties("ScheduleExpressionTimezone") - StartDate: Optional[PassThroughProp] = schedulev2eventproperties("StartDate") - State: Optional[PassThroughProp] = schedulev2eventproperties("State") + DeadLetterConfig: DeadLetterConfig | None = schedulev2eventproperties("DeadLetterConfig") + Description: PassThroughProp | None = schedulev2eventproperties("Description") + EndDate: PassThroughProp | None = schedulev2eventproperties("EndDate") + FlexibleTimeWindow: PassThroughProp | None = schedulev2eventproperties("FlexibleTimeWindow") + GroupName: PassThroughProp | None = schedulev2eventproperties("GroupName") + Input: PassThroughProp | None = schedulev2eventproperties("Input") + KmsKeyArn: PassThroughProp | None = schedulev2eventproperties("KmsKeyArn") + Name: PassThroughProp | None = schedulev2eventproperties("Name") + PermissionsBoundary: PassThroughProp | None = schedulev2eventproperties("PermissionsBoundary") + RetryPolicy: PassThroughProp | None = schedulev2eventproperties("RetryPolicy") + RoleArn: PassThroughProp | None = schedulev2eventproperties("RoleArn") + ScheduleExpression: PassThroughProp | None = schedulev2eventproperties("ScheduleExpression") + ScheduleExpressionTimezone: PassThroughProp | None = schedulev2eventproperties("ScheduleExpressionTimezone") + StartDate: PassThroughProp | None = schedulev2eventproperties("StartDate") + State: PassThroughProp | None = schedulev2eventproperties("State") # OmitName is a SAM-specific boolean property, not a CloudFormation pass-through property - OmitName: Optional[bool] + OmitName: bool | None class ScheduleV2Event(BaseModel): @@ -554,83 +546,83 @@ class ScheduleV2Event(BaseModel): Properties: ScheduleV2EventProperties = event("Properties") -Handler = Optional[PassThroughProp] -Runtime = Optional[PassThroughProp] -CodeUriType = Optional[Union[str, CodeUri]] -DeadLetterQueueType = Optional[SamIntrinsicable[DeadLetterQueue]] -Description = Optional[PassThroughProp] -MemorySize = Optional[PassThroughProp] -Timeout = Optional[PassThroughProp] -VpcConfig = Optional[PassThroughProp] -Environment = Optional[PassThroughProp] -Tags = Optional[DictStrAny] -Tracing = Optional[SamIntrinsicable[Literal["Active", "PassThrough", "Disabled"]]] -KmsKeyArn = Optional[PassThroughProp] -Layers = Optional[PassThroughProp] -AutoPublishAlias = Optional[SamIntrinsicable[str]] -AutoPublishAliasAllProperties = Optional[bool] -RolePath = Optional[PassThroughProp] -PermissionsBoundary = Optional[PassThroughProp] -ReservedConcurrentExecutions = Optional[PassThroughProp] -ProvisionedConcurrencyConfig = Optional[PassThroughProp] -AssumeRolePolicyDocument = Optional[DictStrAny] -Architectures = Optional[PassThroughProp] -EphemeralStorage = Optional[PassThroughProp] -SnapStart = Optional[PassThroughProp] # TODO: check the type -RuntimeManagementConfig = Optional[PassThroughProp] # TODO: check the type -LoggingConfig = Optional[PassThroughProp] # Type alias - documentation added to Properties and Globals classes -RecursiveLoop = Optional[PassThroughProp] -SourceKMSKeyArn = Optional[PassThroughProp] -TenancyConfig = Optional[PassThroughProp] +Handler = PassThroughProp | None +Runtime = PassThroughProp | None +CodeUriType = Union[str, CodeUri] | None +DeadLetterQueueType = SamIntrinsicable[DeadLetterQueue] | None +Description = PassThroughProp | None +MemorySize = PassThroughProp | None +Timeout = PassThroughProp | None +VpcConfig = PassThroughProp | None +Environment = PassThroughProp | None +Tags = DictStrAny | None +Tracing = SamIntrinsicable[Literal["Active", "PassThrough", "Disabled"]] | None +KmsKeyArn = PassThroughProp | None +Layers = PassThroughProp | None +AutoPublishAlias = SamIntrinsicable[str] | None +AutoPublishAliasAllProperties = bool | None +RolePath = PassThroughProp | None +PermissionsBoundary = PassThroughProp | None +ReservedConcurrentExecutions = PassThroughProp | None +ProvisionedConcurrencyConfig = PassThroughProp | None +AssumeRolePolicyDocument = DictStrAny | None +Architectures = PassThroughProp | None +EphemeralStorage = PassThroughProp | None +SnapStart = PassThroughProp | None # TODO: check the type +RuntimeManagementConfig = PassThroughProp | None # TODO: check the type +LoggingConfig = PassThroughProp | None # Type alias - documentation added to Properties and Globals classes +RecursiveLoop = PassThroughProp | None +SourceKMSKeyArn = PassThroughProp | None +TenancyConfig = PassThroughProp | None class CapacityProviderConfig(BaseModel): Arn: SamIntrinsicable[str] = capacityproviderconfig("Arn") - PerExecutionEnvironmentMaxConcurrency: Optional[SamIntrinsicable[int]] = capacityproviderconfig( + PerExecutionEnvironmentMaxConcurrency: SamIntrinsicable[int] | None = capacityproviderconfig( "PerExecutionEnvironmentMaxConcurrency" ) - ExecutionEnvironmentMemoryGiBPerVCpu: Optional[SamIntrinsicable[Union[int, float]]] = capacityproviderconfig( + ExecutionEnvironmentMemoryGiBPerVCpu: SamIntrinsicable[Union[int, float]] | None = capacityproviderconfig( "ExecutionEnvironmentMemoryGiBPerVCpu" ) class Properties(BaseModel): - Architectures: Optional[Architectures] = passthrough_prop( + Architectures: Architectures | None = passthrough_prop( PROPERTIES_STEM, "Architectures", ["AWS::Lambda::Function", "Properties", "Architectures"], ) - AssumeRolePolicyDocument: Optional[AssumeRolePolicyDocument] = prop("AssumeRolePolicyDocument") - AutoPublishAlias: Optional[AutoPublishAlias] = prop("AutoPublishAlias") - AutoPublishAliasAllProperties: Optional[AutoPublishAliasAllProperties] = prop("AutoPublishAliasAllProperties") - AutoPublishCodeSha256: Optional[SamIntrinsicable[str]] = prop("AutoPublishCodeSha256") - CodeSigningConfigArn: Optional[SamIntrinsicable[str]] = passthrough_prop( + AssumeRolePolicyDocument: AssumeRolePolicyDocument | None = prop("AssumeRolePolicyDocument") + AutoPublishAlias: AutoPublishAlias | None = prop("AutoPublishAlias") + AutoPublishAliasAllProperties: AutoPublishAliasAllProperties | None = prop("AutoPublishAliasAllProperties") + AutoPublishCodeSha256: SamIntrinsicable[str] | None = prop("AutoPublishCodeSha256") + CodeSigningConfigArn: SamIntrinsicable[str] | None = passthrough_prop( PROPERTIES_STEM, "CodeSigningConfigArn", ["AWS::Lambda::Function", "Properties", "CodeSigningConfigArn"], ) - CodeUri: Optional[CodeUriType] = prop("CodeUri") - DeadLetterQueue: Optional[DeadLetterQueueType] = prop("DeadLetterQueue") - DeploymentPreference: Optional[DeploymentPreference] = prop("DeploymentPreference") - Description: Optional[Description] = passthrough_prop( + CodeUri: CodeUriType | None = prop("CodeUri") + DeadLetterQueue: DeadLetterQueueType | None = prop("DeadLetterQueue") + DeploymentPreference: DeploymentPreference | None = prop("DeploymentPreference") + Description: Description | None = passthrough_prop( PROPERTIES_STEM, "Description", ["AWS::Lambda::Function", "Properties", "Description"], ) # TODO: Make the notation shorter; resource type and SAM/CFN property names usually same - Environment: Optional[Environment] = passthrough_prop( + Environment: Environment | None = passthrough_prop( PROPERTIES_STEM, "Environment", ["AWS::Lambda::Function", "Properties", "Environment"], ) - EphemeralStorage: Optional[EphemeralStorage] = passthrough_prop( + EphemeralStorage: EphemeralStorage | None = passthrough_prop( PROPERTIES_STEM, "EphemeralStorage", ["AWS::Lambda::Function", "Properties", "EphemeralStorage"], ) - EventInvokeConfig: Optional[EventInvokeConfig] = prop("EventInvokeConfig") - Events: Optional[ - Dict[ + EventInvokeConfig: EventInvokeConfig | None = prop("EventInvokeConfig") + Events: ( + dict[ str, Union[ S3Event, @@ -654,102 +646,103 @@ class Properties(BaseModel): SelfManagedKafkaEvent, ], ] - ] = prop("Events") - FileSystemConfigs: Optional[PassThroughProp] = passthrough_prop( + | None + ) = prop("Events") + FileSystemConfigs: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "FileSystemConfigs", ["AWS::Lambda::Function", "Properties", "FileSystemConfigs"], ) - FunctionName: Optional[PassThroughProp] = passthrough_prop( + FunctionName: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "FunctionName", ["AWS::Lambda::Function", "Properties", "FunctionName"], ) - FunctionUrlConfig: Optional[FunctionUrlConfig] = prop("FunctionUrlConfig") - Handler: Optional[Handler] = passthrough_prop( + FunctionUrlConfig: FunctionUrlConfig | None = prop("FunctionUrlConfig") + Handler: Handler | None = passthrough_prop( PROPERTIES_STEM, "Handler", ["AWS::Lambda::Function", "Properties", "Handler"], ) - ImageConfig: Optional[PassThroughProp] = passthrough_prop( + ImageConfig: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "ImageConfig", ["AWS::Lambda::Function", "Properties", "ImageConfig"], ) - ImageUri: Optional[PassThroughProp] = passthrough_prop( + ImageUri: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "ImageUri", ["AWS::Lambda::Function.Code", "ImageUri"], ) - InlineCode: Optional[PassThroughProp] = prop("InlineCode") - KmsKeyArn: Optional[KmsKeyArn] = prop("KmsKeyArn") - Layers: Optional[Layers] = prop("Layers") - MemorySize: Optional[MemorySize] = prop("MemorySize") - PackageType: Optional[PassThroughProp] = prop("PackageType") - RolePath: Optional[RolePath] = passthrough_prop( + InlineCode: PassThroughProp | None = prop("InlineCode") + KmsKeyArn: KmsKeyArn | None = prop("KmsKeyArn") + Layers: Layers | None = prop("Layers") + MemorySize: MemorySize | None = prop("MemorySize") + PackageType: PassThroughProp | None = prop("PackageType") + RolePath: RolePath | None = passthrough_prop( PROPERTIES_STEM, "RolePath", ["AWS::IAM::Role", "Properties", "Path"], ) - PermissionsBoundary: Optional[PermissionsBoundary] = passthrough_prop( + PermissionsBoundary: PermissionsBoundary | None = passthrough_prop( PROPERTIES_STEM, "PermissionsBoundary", ["AWS::IAM::Role", "Properties", "PermissionsBoundary"], ) - Policies: Optional[Union[str, DictStrAny, List[Union[str, DictStrAny]]]] = prop("Policies") - ProvisionedConcurrencyConfig: Optional[ProvisionedConcurrencyConfig] = passthrough_prop( + Policies: Union[str, DictStrAny, list[Union[str, DictStrAny]]] | None = prop("Policies") + ProvisionedConcurrencyConfig: ProvisionedConcurrencyConfig | None = passthrough_prop( PROPERTIES_STEM, "ProvisionedConcurrencyConfig", ["AWS::Lambda::Alias", "Properties", "ProvisionedConcurrencyConfig"], ) - ReservedConcurrentExecutions: Optional[ReservedConcurrentExecutions] = prop("ReservedConcurrentExecutions") - Role: Optional[SamIntrinsicable[str]] = prop("Role") - Runtime: Optional[Runtime] = passthrough_prop( + ReservedConcurrentExecutions: ReservedConcurrentExecutions | None = prop("ReservedConcurrentExecutions") + Role: SamIntrinsicable[str] | None = prop("Role") + Runtime: Runtime | None = passthrough_prop( PROPERTIES_STEM, "Runtime", ["AWS::Lambda::Function", "Properties", "Runtime"], ) - SnapStart: Optional[SnapStart] = prop("SnapStart") - RuntimeManagementConfig: Optional[RuntimeManagementConfig] = prop("RuntimeManagementConfig") - Tags: Optional[Tags] = prop("Tags") - PropagateTags: Optional[bool] = prop("PropagateTags") - Timeout: Optional[Timeout] = prop("Timeout") - Tracing: Optional[Tracing] = prop("Tracing") - VersionDescription: Optional[PassThroughProp] = prop("VersionDescription") - VpcConfig: Optional[VpcConfig] = prop("VpcConfig") - LoggingConfig: Optional[PassThroughProp] = passthrough_prop( + SnapStart: SnapStart | None = prop("SnapStart") + RuntimeManagementConfig: RuntimeManagementConfig | None = prop("RuntimeManagementConfig") + Tags: Tags | None = prop("Tags") + PropagateTags: bool | None = prop("PropagateTags") + Timeout: Timeout | None = prop("Timeout") + Tracing: Tracing | None = prop("Tracing") + VersionDescription: PassThroughProp | None = prop("VersionDescription") + VpcConfig: VpcConfig | None = prop("VpcConfig") + LoggingConfig: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "LoggingConfig", ["AWS::Lambda::Function", "Properties", "LoggingConfig"], ) - RecursiveLoop: Optional[PassThroughProp] = passthrough_prop( + RecursiveLoop: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "RecursiveLoop", ["AWS::Lambda::Function", "Properties", "RecursiveLoop"], ) - SourceKMSKeyArn: Optional[PassThroughProp] = passthrough_prop( + SourceKMSKeyArn: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "SourceKMSKeyArn", ["AWS::Lambda::Function.Code", "SourceKMSKeyArn"], ) - CapacityProviderConfig: Optional[CapacityProviderConfig] = prop("CapacityProviderConfig") - FunctionScalingConfig: Optional[PassThroughProp] = passthrough_prop( + CapacityProviderConfig: CapacityProviderConfig | None = prop("CapacityProviderConfig") + FunctionScalingConfig: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "FunctionScalingConfig", ["AWS::Lambda::Function", "Properties", "FunctionScalingConfig"], ) - VersionDeletionPolicy: Optional[SamIntrinsicable[Union[str, bool]]] = prop("VersionDeletionPolicy") - PublishToLatestPublished: Optional[PassThroughProp] = passthrough_prop( + VersionDeletionPolicy: SamIntrinsicable[Union[str, bool]] | None = prop("VersionDeletionPolicy") + PublishToLatestPublished: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "PublishToLatestPublished", ["AWS::Lambda::Function", "Properties", "PublishToLatestPublished"], ) - TenancyConfig: Optional[PassThroughProp] = passthrough_prop( + TenancyConfig: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "TenancyConfig", ["AWS::Lambda::Function", "Properties", "TenancyConfig"], ) - DurableConfig: Optional[PassThroughProp] = passthrough_prop( + DurableConfig: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "DurableConfig", ["AWS::Lambda::Function", "Properties", "DurableConfig"], @@ -757,93 +750,93 @@ class Properties(BaseModel): class Globals(BaseModel): - Handler: Optional[Handler] = passthrough_prop( + Handler: Handler | None = passthrough_prop( PROPERTIES_STEM, "Handler", ["AWS::Lambda::Function", "Properties", "Handler"], ) - Runtime: Optional[Runtime] = passthrough_prop( + Runtime: Runtime | None = passthrough_prop( PROPERTIES_STEM, "Runtime", ["AWS::Lambda::Function", "Properties", "Runtime"], ) - CodeUri: Optional[CodeUriType] = prop("CodeUri") - DeadLetterQueue: Optional[DeadLetterQueueType] = prop("DeadLetterQueue") - Description: Optional[Description] = prop("Description") - MemorySize: Optional[MemorySize] = prop("MemorySize") - Timeout: Optional[Timeout] = prop("Timeout") - VpcConfig: Optional[VpcConfig] = prop("VpcConfig") - Environment: Optional[Environment] = passthrough_prop( + CodeUri: CodeUriType | None = prop("CodeUri") + DeadLetterQueue: DeadLetterQueueType | None = prop("DeadLetterQueue") + Description: Description | None = prop("Description") + MemorySize: MemorySize | None = prop("MemorySize") + Timeout: Timeout | None = prop("Timeout") + VpcConfig: VpcConfig | None = prop("VpcConfig") + Environment: Environment | None = passthrough_prop( PROPERTIES_STEM, "Environment", ["AWS::Lambda::Function", "Properties", "Environment"], ) - Tags: Optional[Tags] = prop("Tags") - PropagateTags: Optional[bool] = prop("PropagateTags") - Tracing: Optional[Tracing] = prop("Tracing") - KmsKeyArn: Optional[KmsKeyArn] = prop("KmsKeyArn") - Layers: Optional[Layers] = prop("Layers") - AutoPublishAlias: Optional[AutoPublishAlias] = prop("AutoPublishAlias") - DeploymentPreference: Optional[DeploymentPreference] = prop("DeploymentPreference") - RolePath: Optional[RolePath] = passthrough_prop( + Tags: Tags | None = prop("Tags") + PropagateTags: bool | None = prop("PropagateTags") + Tracing: Tracing | None = prop("Tracing") + KmsKeyArn: KmsKeyArn | None = prop("KmsKeyArn") + Layers: Layers | None = prop("Layers") + AutoPublishAlias: AutoPublishAlias | None = prop("AutoPublishAlias") + DeploymentPreference: DeploymentPreference | None = prop("DeploymentPreference") + RolePath: RolePath | None = passthrough_prop( PROPERTIES_STEM, "RolePath", ["AWS::IAM::Role", "Properties", "Path"], ) - PermissionsBoundary: Optional[PermissionsBoundary] = passthrough_prop( + PermissionsBoundary: PermissionsBoundary | None = passthrough_prop( PROPERTIES_STEM, "PermissionsBoundary", ["AWS::IAM::Role", "Properties", "PermissionsBoundary"], ) - ReservedConcurrentExecutions: Optional[ReservedConcurrentExecutions] = prop("ReservedConcurrentExecutions") - ProvisionedConcurrencyConfig: Optional[ProvisionedConcurrencyConfig] = prop("ProvisionedConcurrencyConfig") - AssumeRolePolicyDocument: Optional[AssumeRolePolicyDocument] = prop("AssumeRolePolicyDocument") - EventInvokeConfig: Optional[EventInvokeConfig] = prop("EventInvokeConfig") - Architectures: Optional[Architectures] = passthrough_prop( + ReservedConcurrentExecutions: ReservedConcurrentExecutions | None = prop("ReservedConcurrentExecutions") + ProvisionedConcurrencyConfig: ProvisionedConcurrencyConfig | None = prop("ProvisionedConcurrencyConfig") + AssumeRolePolicyDocument: AssumeRolePolicyDocument | None = prop("AssumeRolePolicyDocument") + EventInvokeConfig: EventInvokeConfig | None = prop("EventInvokeConfig") + Architectures: Architectures | None = passthrough_prop( PROPERTIES_STEM, "Architectures", ["AWS::Lambda::Function", "Properties", "Architectures"], ) - EphemeralStorage: Optional[EphemeralStorage] = passthrough_prop( + EphemeralStorage: EphemeralStorage | None = passthrough_prop( PROPERTIES_STEM, "EphemeralStorage", ["AWS::Lambda::Function", "Properties", "EphemeralStorage"], ) - SnapStart: Optional[SnapStart] = prop("SnapStart") - RuntimeManagementConfig: Optional[RuntimeManagementConfig] = prop("RuntimeManagementConfig") - LoggingConfig: Optional[PassThroughProp] = passthrough_prop( + SnapStart: SnapStart | None = prop("SnapStart") + RuntimeManagementConfig: RuntimeManagementConfig | None = prop("RuntimeManagementConfig") + LoggingConfig: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "LoggingConfig", ["AWS::Lambda::Function", "Properties", "LoggingConfig"], ) - RecursiveLoop: Optional[PassThroughProp] = passthrough_prop( + RecursiveLoop: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "RecursiveLoop", ["AWS::Lambda::Function", "Properties", "RecursiveLoop"], ) - SourceKMSKeyArn: Optional[PassThroughProp] = passthrough_prop( + SourceKMSKeyArn: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "SourceKMSKeyArn", ["AWS::Lambda::Function.Code", "SourceKMSKeyArn"], ) - CapacityProviderConfig: Optional[CapacityProviderConfig] = prop("CapacityProviderConfig") - FunctionScalingConfig: Optional[PassThroughProp] = passthrough_prop( + CapacityProviderConfig: CapacityProviderConfig | None = prop("CapacityProviderConfig") + FunctionScalingConfig: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "FunctionScalingConfig", ["AWS::Lambda::Function", "Properties", "FunctionScalingConfig"], ) - VersionDeletionPolicy: Optional[SamIntrinsicable[Union[str, bool]]] = prop("VersionDeletionPolicy") - PublishToLatestPublished: Optional[PassThroughProp] = passthrough_prop( + VersionDeletionPolicy: SamIntrinsicable[Union[str, bool]] | None = prop("VersionDeletionPolicy") + PublishToLatestPublished: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "PublishToLatestPublished", ["AWS::Lambda::Function", "Properties", "PublishToLatestPublished"], ) - TenancyConfig: Optional[PassThroughProp] = passthrough_prop( + TenancyConfig: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "TenancyConfig", ["AWS::Lambda::Function", "Properties", "TenancyConfig"], ) - DurableConfig: Optional[PassThroughProp] = passthrough_prop( + DurableConfig: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "DurableConfig", ["AWS::Lambda::Function", "Properties", "DurableConfig"], @@ -852,5 +845,5 @@ class Globals(BaseModel): class Resource(ResourceAttributes): Type: Literal["AWS::Serverless::Function"] - Properties: Optional[Properties] - Connectors: Optional[Dict[str, EmbeddedConnector]] + Properties: Properties | None + Connectors: dict[str, EmbeddedConnector] | None diff --git a/samtranslator/internal/schema_source/aws_serverless_graphqlapi.py b/samtranslator/internal/schema_source/aws_serverless_graphqlapi.py index e5a61ea87a..8f5c8e02b1 100644 --- a/samtranslator/internal/schema_source/aws_serverless_graphqlapi.py +++ b/samtranslator/internal/schema_source/aws_serverless_graphqlapi.py @@ -1,6 +1,6 @@ from __future__ import annotations -from typing import Dict, List, Literal, Optional, Union +from typing import Literal, Union from samtranslator.internal.schema_source.common import ( BaseModel, @@ -33,50 +33,50 @@ class LambdaAuthorizerConfig(BaseModel): # Maps to AWS::AppSync::GraphQLApi.LambdaAuthorizerConfig - AuthorizerResultTtlInSeconds: Optional[PassThroughProp] + AuthorizerResultTtlInSeconds: PassThroughProp | None AuthorizerUri: PassThroughProp - IdentityValidationExpression: Optional[PassThroughProp] + IdentityValidationExpression: PassThroughProp | None class OpenIDConnectConfig(BaseModel): # Maps to AWS::AppSync::GraphQLApi.OpenIDConnectConfig - AuthTTL: Optional[PassThroughProp] - ClientId: Optional[PassThroughProp] - IatTTL: Optional[PassThroughProp] - Issuer: Optional[PassThroughProp] + AuthTTL: PassThroughProp | None + ClientId: PassThroughProp | None + IatTTL: PassThroughProp | None + Issuer: PassThroughProp | None class UserPoolConfig(BaseModel): # Maps to AWS::AppSync::GraphQLApi.UserPoolConfig - AppIdClientRegex: Optional[PassThroughProp] - AwsRegion: Optional[PassThroughProp] - DefaultAction: Optional[PassThroughProp] + AppIdClientRegex: PassThroughProp | None + AwsRegion: PassThroughProp | None + DefaultAction: PassThroughProp | None UserPoolId: PassThroughProp class Authorizer(BaseModel): Type: AuthenticationTypes = authprovider("Type") # Maps to AWS::AppSync::GraphQLApi.AdditionalAuthenticationProvider - LambdaAuthorizer: Optional[LambdaAuthorizerConfig] - OpenIDConnect: Optional[OpenIDConnectConfig] - UserPool: Optional[UserPoolConfig] + LambdaAuthorizer: LambdaAuthorizerConfig | None + OpenIDConnect: OpenIDConnectConfig | None + UserPool: UserPoolConfig | None class Auth(Authorizer): - Additional: Optional[List[Authorizer]] = auth("Additional") + Additional: list[Authorizer] | None = auth("Additional") class ApiKey(BaseModel): - ApiKeyId: Optional[PassThroughProp] = apikey("ApiKeyId") - Description: Optional[PassThroughProp] = apikey("Description") - ExpiresOn: Optional[PassThroughProp] = apikey("ExpiresOn") + ApiKeyId: PassThroughProp | None = apikey("ApiKeyId") + Description: PassThroughProp | None = apikey("Description") + ExpiresOn: PassThroughProp | None = apikey("ExpiresOn") class Logging(BaseModel): # Maps to AWS::AppSync::GraphQLApi LogConfig - CloudWatchLogsRoleArn: Optional[PassThroughProp] - ExcludeVerboseContent: Optional[PassThroughProp] - FieldLogLevel: Optional[PassThroughProp] + CloudWatchLogsRoleArn: PassThroughProp | None + ExcludeVerboseContent: PassThroughProp | None + FieldLogLevel: PassThroughProp | None class DeltaSync(BaseModel): @@ -88,27 +88,27 @@ class DeltaSync(BaseModel): class DynamoDBDataSource(BaseModel): TableName: PassThroughProp = dynamodbdatasource("TableName") - ServiceRoleArn: Optional[PassThroughProp] = dynamodbdatasource("ServiceRoleArn") - TableArn: Optional[PassThroughProp] = dynamodbdatasource("TableArn") - Permissions: Optional[PermissionsType] = dynamodbdatasource("Permissions") - Name: Optional[PassThroughProp] = dynamodbdatasource("Name") - Description: Optional[PassThroughProp] = dynamodbdatasource("Description") - Region: Optional[PassThroughProp] = dynamodbdatasource("Region") - DeltaSync: Optional[DeltaSync] = dynamodbdatasource("DeltaSync") - UseCallerCredentials: Optional[PassThroughProp] = dynamodbdatasource("UseCallerCredentials") - Versioned: Optional[PassThroughProp] = dynamodbdatasource("Versioned") + ServiceRoleArn: PassThroughProp | None = dynamodbdatasource("ServiceRoleArn") + TableArn: PassThroughProp | None = dynamodbdatasource("TableArn") + Permissions: PermissionsType | None = dynamodbdatasource("Permissions") + Name: PassThroughProp | None = dynamodbdatasource("Name") + Description: PassThroughProp | None = dynamodbdatasource("Description") + Region: PassThroughProp | None = dynamodbdatasource("Region") + DeltaSync: DeltaSync | None = dynamodbdatasource("DeltaSync") + UseCallerCredentials: PassThroughProp | None = dynamodbdatasource("UseCallerCredentials") + Versioned: PassThroughProp | None = dynamodbdatasource("Versioned") class LambdaDataSource(BaseModel): FunctionArn: PassThroughProp = lambdadatasource("FunctionArn") - ServiceRoleArn: Optional[PassThroughProp] = lambdadatasource("ServiceRoleArn") - Name: Optional[PassThroughProp] = lambdadatasource("Name") - Description: Optional[PassThroughProp] = lambdadatasource("Description") + ServiceRoleArn: PassThroughProp | None = lambdadatasource("ServiceRoleArn") + Name: PassThroughProp | None = lambdadatasource("Name") + Description: PassThroughProp | None = lambdadatasource("Description") class DataSources(BaseModel): - DynamoDb: Optional[Dict[str, DynamoDBDataSource]] = datasource("DynamoDb") - Lambda: Optional[Dict[str, LambdaDataSource]] = datasource("Lambda") + DynamoDb: dict[str, DynamoDBDataSource] | None = datasource("DynamoDb") + Lambda: dict[str, LambdaDataSource] | None = datasource("Lambda") class Runtime(BaseModel): @@ -124,46 +124,46 @@ class LambdaConflictHandlerConfig(BaseModel): class Sync(BaseModel): # Maps to AWS::AppSync::FunctionConfiguration.SyncConfig ConflictDetection: PassThroughProp - ConflictHandler: Optional[PassThroughProp] - LambdaConflictHandlerConfig: Optional[LambdaConflictHandlerConfig] + ConflictHandler: PassThroughProp | None + LambdaConflictHandlerConfig: LambdaConflictHandlerConfig | None class Function(BaseModel): - DataSource: Optional[SamIntrinsicable[str]] = function("DataSource") - Runtime: Optional[Runtime] = function("Runtime") - InlineCode: Optional[PassThroughProp] = function("InlineCode") - CodeUri: Optional[PassThroughProp] = function("CodeUri") - Description: Optional[PassThroughProp] = function("Description") - MaxBatchSize: Optional[PassThroughProp] = function("MaxBatchSize") - Name: Optional[str] = function("Name") - Id: Optional[PassThroughProp] = function("Id") - Sync: Optional[Sync] = function("Sync") + DataSource: SamIntrinsicable[str] | None = function("DataSource") + Runtime: Runtime | None = function("Runtime") + InlineCode: PassThroughProp | None = function("InlineCode") + CodeUri: PassThroughProp | None = function("CodeUri") + Description: PassThroughProp | None = function("Description") + MaxBatchSize: PassThroughProp | None = function("MaxBatchSize") + Name: str | None = function("Name") + Id: PassThroughProp | None = function("Id") + Sync: Sync | None = function("Sync") class Caching(BaseModel): # Maps to AWS::AppSync::Resolver.CachingConfig Ttl: PassThroughProp - CachingKeys: Optional[List[PassThroughProp]] + CachingKeys: list[PassThroughProp] | None class Resolver(BaseModel): - FieldName: Optional[str] = resolver("FieldName") - Caching: Optional[Caching] = resolver("Caching") - InlineCode: Optional[PassThroughProp] = resolver("InlineCode") - CodeUri: Optional[PassThroughProp] = resolver("CodeUri") - MaxBatchSize: Optional[PassThroughProp] = resolver("MaxBatchSize") - Pipeline: Optional[List[str]] = resolver( + FieldName: str | None = resolver("FieldName") + Caching: Caching | None = resolver("Caching") + InlineCode: PassThroughProp | None = resolver("InlineCode") + CodeUri: PassThroughProp | None = resolver("CodeUri") + MaxBatchSize: PassThroughProp | None = resolver("MaxBatchSize") + Pipeline: list[str] | None = resolver( "Pipeline" ) # keeping it optional allows for easier validation in to_cloudformation with better error messages - Runtime: Optional[Runtime] = resolver("Runtime") - Sync: Optional[Sync] = resolver("Sync") + Runtime: Runtime | None = resolver("Runtime") + Sync: Sync | None = resolver("Sync") class DomainName(BaseModel): # Maps to AWS::AppSync::DomainName CertificateArn: PassThroughProp DomainName: PassThroughProp - Description: Optional[PassThroughProp] + Description: PassThroughProp | None class Cache(BaseModel): @@ -171,29 +171,29 @@ class Cache(BaseModel): ApiCachingBehavior: PassThroughProp Ttl: PassThroughProp Type: PassThroughProp - AtRestEncryptionEnabled: Optional[PassThroughProp] - TransitEncryptionEnabled: Optional[PassThroughProp] + AtRestEncryptionEnabled: PassThroughProp | None + TransitEncryptionEnabled: PassThroughProp | None class Properties(BaseModel): Auth: Auth = properties("Auth") - Tags: Optional[DictStrAny] = properties("Tags") - Name: Optional[PassThroughProp] = properties("Name") - XrayEnabled: Optional[bool] = properties("XrayEnabled") - SchemaInline: Optional[PassThroughProp] = properties("SchemaInline") - SchemaUri: Optional[PassThroughProp] = properties("SchemaUri") - Logging: Optional[Union[Logging, bool]] = properties("Logging") - DataSources: Optional[DataSources] = properties("DataSources") - Functions: Optional[Dict[str, Function]] = properties("Functions") - Resolvers: Optional[Dict[str, Dict[str, Resolver]]] = properties("Resolvers") - ApiKeys: Optional[Dict[str, ApiKey]] = properties("ApiKeys") - DomainName: Optional[DomainName] = properties("DomainName") - Cache: Optional[Cache] = properties("Cache") - Visibility: Optional[PassThroughProp] # TODO: add documentation when available in sam-docs.json - OwnerContact: Optional[PassThroughProp] # TODO: add documentation when available in sam-docs.json - IntrospectionConfig: Optional[PassThroughProp] # TODO: add documentation when available in sam-docs.json - QueryDepthLimit: Optional[PassThroughProp] # TODO: add documentation when available in sam-docs.json - ResolverCountLimit: Optional[PassThroughProp] # TODO: add documentation when available in sam-docs.json + Tags: DictStrAny | None = properties("Tags") + Name: PassThroughProp | None = properties("Name") + XrayEnabled: bool | None = properties("XrayEnabled") + SchemaInline: PassThroughProp | None = properties("SchemaInline") + SchemaUri: PassThroughProp | None = properties("SchemaUri") + Logging: Union[Logging, bool] | None = properties("Logging") + DataSources: DataSources | None = properties("DataSources") + Functions: dict[str, Function] | None = properties("Functions") + Resolvers: dict[str, dict[str, Resolver]] | None = properties("Resolvers") + ApiKeys: dict[str, ApiKey] | None = properties("ApiKeys") + DomainName: DomainName | None = properties("DomainName") + Cache: Cache | None = properties("Cache") + Visibility: PassThroughProp | None # TODO: add documentation when available in sam-docs.json + OwnerContact: PassThroughProp | None # TODO: add documentation when available in sam-docs.json + IntrospectionConfig: PassThroughProp | None # TODO: add documentation when available in sam-docs.json + QueryDepthLimit: PassThroughProp | None # TODO: add documentation when available in sam-docs.json + ResolverCountLimit: PassThroughProp | None # TODO: add documentation when available in sam-docs.json class Resource(BaseModel): diff --git a/samtranslator/internal/schema_source/aws_serverless_httpapi.py b/samtranslator/internal/schema_source/aws_serverless_httpapi.py index a8ef7ed790..2f141265c8 100644 --- a/samtranslator/internal/schema_source/aws_serverless_httpapi.py +++ b/samtranslator/internal/schema_source/aws_serverless_httpapi.py @@ -1,6 +1,6 @@ from __future__ import annotations -from typing import Dict, List, Literal, Optional, Union +from typing import Literal, Union from samtranslator.internal.schema_source.aws_serverless_connector import EmbeddedConnector from samtranslator.internal.schema_source.common import ( @@ -24,17 +24,17 @@ class OAuth2Authorizer(BaseModel): - AuthorizationScopes: Optional[List[str]] = oauth2authorizer("AuthorizationScopes") - IdentitySource: Optional[str] = oauth2authorizer("IdentitySource") - JwtConfiguration: Optional[PassThroughProp] = oauth2authorizer("JwtConfiguration") + AuthorizationScopes: list[str] | None = oauth2authorizer("AuthorizationScopes") + IdentitySource: str | None = oauth2authorizer("IdentitySource") + JwtConfiguration: PassThroughProp | None = oauth2authorizer("JwtConfiguration") class LambdaAuthorizerIdentity(BaseModel): - Context: Optional[List[str]] = lambdauthorizeridentity("Context") - Headers: Optional[List[str]] = lambdauthorizeridentity("Headers") - QueryStrings: Optional[List[str]] = lambdauthorizeridentity("QueryStrings") - ReauthorizeEvery: Optional[int] = lambdauthorizeridentity("ReauthorizeEvery") - StageVariables: Optional[List[str]] = lambdauthorizeridentity("StageVariables") + Context: list[str] | None = lambdauthorizeridentity("Context") + Headers: list[str] | None = lambdauthorizeridentity("Headers") + QueryStrings: list[str] | None = lambdauthorizeridentity("QueryStrings") + ReauthorizeEvery: int | None = lambdauthorizeridentity("ReauthorizeEvery") + StageVariables: list[str] | None = lambdauthorizeridentity("StageVariables") class LambdaAuthorizer(BaseModel): @@ -42,107 +42,99 @@ class LambdaAuthorizer(BaseModel): AuthorizerPayloadFormatVersion: Union[Literal["1.0", "2.0"], float] = lambdaauthorizer( "AuthorizerPayloadFormatVersion" ) - EnableSimpleResponses: Optional[bool] = lambdaauthorizer("EnableSimpleResponses") + EnableSimpleResponses: bool | None = lambdaauthorizer("EnableSimpleResponses") FunctionArn: SamIntrinsicable[str] = lambdaauthorizer("FunctionArn") - FunctionInvokeRole: Optional[SamIntrinsicable[str]] = lambdaauthorizer("FunctionInvokeRole") - EnableFunctionDefaultPermissions: Optional[bool] = lambdaauthorizer("EnableFunctionDefaultPermissions") - Identity: Optional[LambdaAuthorizerIdentity] = lambdaauthorizer("Identity") + FunctionInvokeRole: SamIntrinsicable[str] | None = lambdaauthorizer("FunctionInvokeRole") + EnableFunctionDefaultPermissions: bool | None = lambdaauthorizer("EnableFunctionDefaultPermissions") + Identity: LambdaAuthorizerIdentity | None = lambdaauthorizer("Identity") class Auth(BaseModel): # TODO: Docs doesn't say it's a map - Authorizers: Optional[ - Dict[ - str, - Union[ - OAuth2Authorizer, - LambdaAuthorizer, - ], - ] - ] = auth("Authorizers") - DefaultAuthorizer: Optional[str] = auth("DefaultAuthorizer") - EnableIamAuthorizer: Optional[bool] = auth("EnableIamAuthorizer") + Authorizers: dict[str, Union[OAuth2Authorizer, LambdaAuthorizer]] | None = auth("Authorizers") + DefaultAuthorizer: str | None = auth("DefaultAuthorizer") + EnableIamAuthorizer: bool | None = auth("EnableIamAuthorizer") class CorsConfiguration(BaseModel): - AllowCredentials: Optional[bool] = corsconfiguration("AllowCredentials") - AllowHeaders: Optional[List[str]] = corsconfiguration("AllowHeaders") - AllowMethods: Optional[List[str]] = corsconfiguration("AllowMethods") - AllowOrigins: Optional[List[str]] = corsconfiguration("AllowOrigins") - ExposeHeaders: Optional[List[str]] = corsconfiguration("ExposeHeaders") - MaxAge: Optional[int] = corsconfiguration("MaxAge") + AllowCredentials: bool | None = corsconfiguration("AllowCredentials") + AllowHeaders: list[str] | None = corsconfiguration("AllowHeaders") + AllowMethods: list[str] | None = corsconfiguration("AllowMethods") + AllowOrigins: list[str] | None = corsconfiguration("AllowOrigins") + ExposeHeaders: list[str] | None = corsconfiguration("ExposeHeaders") + MaxAge: int | None = corsconfiguration("MaxAge") class DefinitionUri(BaseModel): Bucket: str = definitionuri("Bucket") Key: str = definitionuri("Key") - Version: Optional[str] = definitionuri("Version") + Version: str | None = definitionuri("Version") class Route53(BaseModel): - DistributionDomainName: Optional[PassThroughProp] = route53("DistributionDomainName") - EvaluateTargetHealth: Optional[PassThroughProp] = route53("EvaluateTargetHealth") - HostedZoneId: Optional[PassThroughProp] = route53("HostedZoneId") - HostedZoneName: Optional[PassThroughProp] = route53("HostedZoneName") - IpV6: Optional[bool] = route53("IpV6") - Region: Optional[PassThroughProp] = route53("Region") - SetIdentifier: Optional[PassThroughProp] = route53("SetIdentifier") + DistributionDomainName: PassThroughProp | None = route53("DistributionDomainName") + EvaluateTargetHealth: PassThroughProp | None = route53("EvaluateTargetHealth") + HostedZoneId: PassThroughProp | None = route53("HostedZoneId") + HostedZoneName: PassThroughProp | None = route53("HostedZoneName") + IpV6: bool | None = route53("IpV6") + SetIdentifier: PassThroughProp | None = route53("SetIdentifier") + Region: PassThroughProp | None = route53("Region") class Domain(BaseModel): - BasePath: Optional[List[str]] = domain("BasePath") + BasePath: list[str] | None = domain("BasePath") CertificateArn: PassThroughProp = domain("CertificateArn") DomainName: PassThroughProp = domain("DomainName") - EndpointConfiguration: Optional[SamIntrinsicable[Literal["REGIONAL"]]] = domain("EndpointConfiguration") - MutualTlsAuthentication: Optional[PassThroughProp] = domain("MutualTlsAuthentication") - OwnershipVerificationCertificateArn: Optional[PassThroughProp] = domain("OwnershipVerificationCertificateArn") - Route53: Optional[Route53] = domain("Route53") - SecurityPolicy: Optional[PassThroughProp] = domain("SecurityPolicy") + EndpointConfiguration: SamIntrinsicable[Literal["REGIONAL"]] | None = domain("EndpointConfiguration") + MutualTlsAuthentication: PassThroughProp | None = domain("MutualTlsAuthentication") + OwnershipVerificationCertificateArn: PassThroughProp | None = domain("OwnershipVerificationCertificateArn") + Route53: Route53 | None = domain("Route53") + SecurityPolicy: PassThroughProp | None = domain("SecurityPolicy") -AccessLogSettings = Optional[PassThroughProp] -StageVariables = Optional[PassThroughProp] -Tags = Optional[DictStrAny] -RouteSettings = Optional[PassThroughProp] -FailOnWarnings = Optional[PassThroughProp] -CorsConfigurationType = Optional[PassThroughProp] -DefaultRouteSettings = Optional[PassThroughProp] +AccessLogSettings = PassThroughProp | None +StageVariables = PassThroughProp | None +Tags = DictStrAny | None +RouteSettings = PassThroughProp | None +FailOnWarnings = PassThroughProp | None +CorsConfigurationType = PassThroughProp | None +DefaultRouteSettings = PassThroughProp | None class Properties(BaseModel): - AccessLogSettings: Optional[AccessLogSettings] = properties("AccessLogSettings") - Auth: Optional[Auth] = properties("Auth") + AccessLogSettings: AccessLogSettings | None = properties("AccessLogSettings") + Auth: Auth | None = properties("Auth") # TODO: Also string like in the docs? - CorsConfiguration: Optional[CorsConfigurationType] = properties("CorsConfiguration") - DefaultRouteSettings: Optional[DefaultRouteSettings] = properties("DefaultRouteSettings") - DefinitionBody: Optional[DictStrAny] = properties("DefinitionBody") - DefinitionUri: Optional[Union[str, DefinitionUri]] = properties("DefinitionUri") - Description: Optional[str] = properties("Description") - DisableExecuteApiEndpoint: Optional[PassThroughProp] = properties("DisableExecuteApiEndpoint") - Domain: Optional[Domain] = properties("Domain") - FailOnWarnings: Optional[FailOnWarnings] = properties("FailOnWarnings") - RouteSettings: Optional[RouteSettings] = properties("RouteSettings") - StageName: Optional[PassThroughProp] = properties("StageName") - StageVariables: Optional[StageVariables] = properties("StageVariables") - Tags: Optional[Tags] = properties("Tags") - PropagateTags: Optional[bool] = properties("PropagateTags") - Name: Optional[PassThroughProp] = properties("Name") + CorsConfiguration: CorsConfigurationType | None = properties("CorsConfiguration") + DefaultRouteSettings: DefaultRouteSettings | None = properties("DefaultRouteSettings") + DefinitionBody: DictStrAny | None = properties("DefinitionBody") + DefinitionUri: Union[str, DefinitionUri] | None = properties("DefinitionUri") + Description: str | None = properties("Description") + DisableExecuteApiEndpoint: PassThroughProp | None = properties("DisableExecuteApiEndpoint") + Domain: Domain | None = properties("Domain") + FailOnWarnings: FailOnWarnings | None = properties("FailOnWarnings") + RouteSettings: RouteSettings | None = properties("RouteSettings") + StageName: PassThroughProp | None = properties("StageName") + StageVariables: StageVariables | None = properties("StageVariables") + Tags: Tags | None = properties("Tags") + PropagateTags: bool | None = properties("PropagateTags") + Name: PassThroughProp | None = properties("Name") class Globals(BaseModel): - Auth: Optional[Auth] = properties("Auth") - AccessLogSettings: Optional[AccessLogSettings] = properties("AccessLogSettings") - StageVariables: Optional[StageVariables] = properties("StageVariables") - Tags: Optional[Tags] = properties("Tags") - RouteSettings: Optional[RouteSettings] = properties("RouteSettings") - FailOnWarnings: Optional[FailOnWarnings] = properties("FailOnWarnings") - Domain: Optional[Domain] = properties("Domain") - CorsConfiguration: Optional[CorsConfigurationType] = properties("CorsConfiguration") - DefaultRouteSettings: Optional[DefaultRouteSettings] = properties("DefaultRouteSettings") - PropagateTags: Optional[bool] = properties("PropagateTags") + Auth: Auth | None = properties("Auth") + AccessLogSettings: AccessLogSettings | None = properties("AccessLogSettings") + StageVariables: StageVariables | None = properties("StageVariables") + Tags: Tags | None = properties("Tags") + RouteSettings: RouteSettings | None = properties("RouteSettings") + FailOnWarnings: FailOnWarnings | None = properties("FailOnWarnings") + Domain: Domain | None = properties("Domain") + CorsConfiguration: CorsConfigurationType | None = properties("CorsConfiguration") + DefaultRouteSettings: DefaultRouteSettings | None = properties("DefaultRouteSettings") + PropagateTags: bool | None = properties("PropagateTags") class Resource(ResourceAttributes): Type: Literal["AWS::Serverless::HttpApi"] - Properties: Optional[Properties] - Connectors: Optional[Dict[str, EmbeddedConnector]] + Properties: Properties | None + Connectors: dict[str, EmbeddedConnector] | None diff --git a/samtranslator/internal/schema_source/aws_serverless_layerversion.py b/samtranslator/internal/schema_source/aws_serverless_layerversion.py index c4f038b942..fefa8d0ca8 100644 --- a/samtranslator/internal/schema_source/aws_serverless_layerversion.py +++ b/samtranslator/internal/schema_source/aws_serverless_layerversion.py @@ -1,6 +1,6 @@ from __future__ import annotations -from typing import Literal, Optional, Union +from typing import Literal, Union from samtranslator.internal.schema_source.common import ( BaseModel, @@ -29,7 +29,7 @@ class ContentUri(BaseModel): "Key", ["AWS::Lambda::LayerVersion.Content", "S3Key"], ) - Version: Optional[PassThroughProp] = passthrough_prop( + Version: PassThroughProp | None = passthrough_prop( CONTENT_URI_STEM, "Version", ["AWS::Lambda::LayerVersion.Content", "S3ObjectVersion"], @@ -37,30 +37,30 @@ class ContentUri(BaseModel): class Properties(BaseModel): - CompatibleArchitectures: Optional[PassThroughProp] = passthrough_prop( + CompatibleArchitectures: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "CompatibleArchitectures", ["AWS::Lambda::LayerVersion", "Properties", "CompatibleArchitectures"], ) - CompatibleRuntimes: Optional[PassThroughProp] = passthrough_prop( + CompatibleRuntimes: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "CompatibleRuntimes", ["AWS::Lambda::LayerVersion", "Properties", "CompatibleRuntimes"], ) - PublishLambdaVersion: Optional[bool] = properties("PublishLambdaVersion") + PublishLambdaVersion: bool | None = properties("PublishLambdaVersion") ContentUri: Union[str, ContentUri] = properties("ContentUri") - Description: Optional[PassThroughProp] = passthrough_prop( + Description: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "Description", ["AWS::Lambda::LayerVersion", "Properties", "Description"], ) - LayerName: Optional[PassThroughProp] = properties("LayerName") - LicenseInfo: Optional[PassThroughProp] = passthrough_prop( + LayerName: PassThroughProp | None = properties("LayerName") + LicenseInfo: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "LicenseInfo", ["AWS::Lambda::LayerVersion", "Properties", "LicenseInfo"], ) - RetentionPolicy: Optional[SamIntrinsicable[str]] = properties("RetentionPolicy") + RetentionPolicy: SamIntrinsicable[str] | None = properties("RetentionPolicy") class Resource(ResourceAttributes): @@ -69,4 +69,4 @@ class Resource(ResourceAttributes): class Globals(BaseModel): - PublishLambdaVersion: Optional[bool] = properties("PublishLambdaVersion") + PublishLambdaVersion: bool | None = properties("PublishLambdaVersion") diff --git a/samtranslator/internal/schema_source/aws_serverless_simpletable.py b/samtranslator/internal/schema_source/aws_serverless_simpletable.py index 016c67864b..65163005a3 100644 --- a/samtranslator/internal/schema_source/aws_serverless_simpletable.py +++ b/samtranslator/internal/schema_source/aws_serverless_simpletable.py @@ -1,6 +1,6 @@ from __future__ import annotations -from typing import Any, Dict, Literal, Optional +from typing import Any, Literal from samtranslator.internal.schema_source.aws_serverless_connector import EmbeddedConnector from samtranslator.internal.schema_source.common import ( @@ -31,36 +31,36 @@ class PrimaryKey(BaseModel): ) -SSESpecification = Optional[PassThroughProp] +SSESpecification = PassThroughProp | None class Properties(BaseModel): - PointInTimeRecoverySpecification: Optional[PassThroughProp] = passthrough_prop( + PointInTimeRecoverySpecification: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "ProvisionedThroughput", ["AWS::DynamoDB::Table", "Properties", "PointInTimeRecoverySpecification"], ) - PrimaryKey: Optional[PrimaryKey] = properties("PrimaryKey") - ProvisionedThroughput: Optional[PassThroughProp] = passthrough_prop( + PrimaryKey: PrimaryKey | None = properties("PrimaryKey") + ProvisionedThroughput: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "ProvisionedThroughput", ["AWS::DynamoDB::Table", "Properties", "ProvisionedThroughput"], ) - SSESpecification: Optional[SSESpecification] = passthrough_prop( + SSESpecification: SSESpecification | None = passthrough_prop( PROPERTIES_STEM, "SSESpecification", ["AWS::DynamoDB::Table", "Properties", "SSESpecification"], ) - TableName: Optional[PassThroughProp] = passthrough_prop( + TableName: PassThroughProp | None = passthrough_prop( PROPERTIES_STEM, "TableName", ["AWS::DynamoDB::Table", "Properties", "TableName"], ) - Tags: Optional[Dict[str, Any]] = properties("Tags") + Tags: dict[str, Any] | None = properties("Tags") class Globals(BaseModel): - SSESpecification: Optional[SSESpecification] = passthrough_prop( + SSESpecification: SSESpecification | None = passthrough_prop( PROPERTIES_STEM, "SSESpecification", ["AWS::DynamoDB::Table", "Properties", "SSESpecification"], @@ -69,5 +69,5 @@ class Globals(BaseModel): class Resource(ResourceAttributes): Type: Literal["AWS::Serverless::SimpleTable"] - Properties: Optional[Properties] - Connectors: Optional[Dict[str, EmbeddedConnector]] + Properties: Properties | None + Connectors: dict[str, EmbeddedConnector] | None diff --git a/samtranslator/internal/schema_source/aws_serverless_statemachine.py b/samtranslator/internal/schema_source/aws_serverless_statemachine.py index 138bd34276..f2b73f857f 100644 --- a/samtranslator/internal/schema_source/aws_serverless_statemachine.py +++ b/samtranslator/internal/schema_source/aws_serverless_statemachine.py @@ -1,6 +1,6 @@ from __future__ import annotations -from typing import Dict, List, Literal, Optional, Union +from typing import Literal, Union from samtranslator.internal.schema_source.aws_serverless_connector import EmbeddedConnector from samtranslator.internal.schema_source.common import ( @@ -29,9 +29,9 @@ class DeadLetterConfig(BaseModel): - Arn: Optional[PassThroughProp] = deadletterconfig("Arn") - QueueLogicalId: Optional[str] = deadletterconfig("QueueLogicalId") - Type: Optional[Literal["SQS"]] = deadletterconfig("Type") + Arn: PassThroughProp | None = deadletterconfig("Arn") + QueueLogicalId: str | None = deadletterconfig("QueueLogicalId") + Type: Literal["SQS"] | None = deadletterconfig("Type") class ScheduleTarget(BaseModel): @@ -39,16 +39,16 @@ class ScheduleTarget(BaseModel): class ScheduleEventProperties(BaseModel): - DeadLetterConfig: Optional[DeadLetterConfig] = scheduleeventproperties("DeadLetterConfig") - Description: Optional[PassThroughProp] = scheduleeventproperties("Description") - Enabled: Optional[bool] = scheduleeventproperties("Enabled") - Input: Optional[PassThroughProp] = scheduleeventproperties("Input") - Name: Optional[PassThroughProp] = scheduleeventproperties("Name") - RetryPolicy: Optional[PassThroughProp] = scheduleeventproperties("RetryPolicy") - Schedule: Optional[PassThroughProp] = scheduleeventproperties("Schedule") - State: Optional[PassThroughProp] = scheduleeventproperties("State") - Target: Optional[ScheduleTarget] = scheduleeventproperties("Target") - RoleArn: Optional[PassThroughProp] = passthrough_prop( + DeadLetterConfig: DeadLetterConfig | None = scheduleeventproperties("DeadLetterConfig") + Description: PassThroughProp | None = scheduleeventproperties("Description") + Enabled: bool | None = scheduleeventproperties("Enabled") + Input: PassThroughProp | None = scheduleeventproperties("Input") + Name: PassThroughProp | None = scheduleeventproperties("Name") + RetryPolicy: PassThroughProp | None = scheduleeventproperties("RetryPolicy") + Schedule: PassThroughProp | None = scheduleeventproperties("Schedule") + State: PassThroughProp | None = scheduleeventproperties("State") + Target: ScheduleTarget | None = scheduleeventproperties("Target") + RoleArn: PassThroughProp | None = passthrough_prop( "sam-property-statemachine-statemachineschedule", "RoleArn", ["AWS::Scheduler::Schedule.Target", "RoleArn"], @@ -61,22 +61,22 @@ class ScheduleEvent(BaseModel): class ScheduleV2EventProperties(BaseModel): - DeadLetterConfig: Optional[DeadLetterConfig] = scheduleeventv2properties("DeadLetterConfig") - Description: Optional[PassThroughProp] = scheduleeventv2properties("Description") - EndDate: Optional[PassThroughProp] = scheduleeventv2properties("EndDate") - FlexibleTimeWindow: Optional[PassThroughProp] = scheduleeventv2properties("FlexibleTimeWindow") - GroupName: Optional[PassThroughProp] = scheduleeventv2properties("GroupName") - Input: Optional[PassThroughProp] = scheduleeventv2properties("Input") - KmsKeyArn: Optional[PassThroughProp] = scheduleeventv2properties("KmsKeyArn") - Name: Optional[PassThroughProp] = scheduleeventv2properties("Name") - PermissionsBoundary: Optional[PassThroughProp] = scheduleeventv2properties("PermissionsBoundary") - RetryPolicy: Optional[PassThroughProp] = scheduleeventv2properties("RetryPolicy") - RoleArn: Optional[PassThroughProp] = scheduleeventv2properties("RoleArn") - ScheduleExpression: Optional[PassThroughProp] = scheduleeventv2properties("ScheduleExpression") - ScheduleExpressionTimezone: Optional[PassThroughProp] = scheduleeventv2properties("ScheduleExpressionTimezone") - StartDate: Optional[PassThroughProp] = scheduleeventv2properties("StartDate") - State: Optional[PassThroughProp] = scheduleeventv2properties("State") - OmitName: Optional[bool] = scheduleeventv2properties("OmitName") + DeadLetterConfig: DeadLetterConfig | None = scheduleeventv2properties("DeadLetterConfig") + Description: PassThroughProp | None = scheduleeventv2properties("Description") + EndDate: PassThroughProp | None = scheduleeventv2properties("EndDate") + FlexibleTimeWindow: PassThroughProp | None = scheduleeventv2properties("FlexibleTimeWindow") + GroupName: PassThroughProp | None = scheduleeventv2properties("GroupName") + Input: PassThroughProp | None = scheduleeventv2properties("Input") + KmsKeyArn: PassThroughProp | None = scheduleeventv2properties("KmsKeyArn") + Name: PassThroughProp | None = scheduleeventv2properties("Name") + PermissionsBoundary: PassThroughProp | None = scheduleeventv2properties("PermissionsBoundary") + RetryPolicy: PassThroughProp | None = scheduleeventv2properties("RetryPolicy") + RoleArn: PassThroughProp | None = scheduleeventv2properties("RoleArn") + ScheduleExpression: PassThroughProp | None = scheduleeventv2properties("ScheduleExpression") + ScheduleExpressionTimezone: PassThroughProp | None = scheduleeventv2properties("ScheduleExpressionTimezone") + StartDate: PassThroughProp | None = scheduleeventv2properties("StartDate") + State: PassThroughProp | None = scheduleeventv2properties("State") + OmitName: bool | None = scheduleeventv2properties("OmitName") class ScheduleV2Event(BaseModel): @@ -85,24 +85,24 @@ class ScheduleV2Event(BaseModel): class ResourcePolicy(BaseModel): - AwsAccountBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("AwsAccountBlacklist") - AwsAccountWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("AwsAccountWhitelist") - CustomStatements: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("CustomStatements") - IntrinsicVpcBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpcBlacklist") - IntrinsicVpcWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpcWhitelist") - IntrinsicVpceBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpceBlacklist") - IntrinsicVpceWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IntrinsicVpceWhitelist") - IpRangeBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IpRangeBlacklist") - IpRangeWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("IpRangeWhitelist") - SourceVpcBlacklist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("SourceVpcBlacklist") - SourceVpcWhitelist: Optional[List[Union[str, DictStrAny]]] = resourcepolicy("SourceVpcWhitelist") + AwsAccountBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("AwsAccountBlacklist") + AwsAccountWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("AwsAccountWhitelist") + CustomStatements: list[Union[str, DictStrAny]] | None = resourcepolicy("CustomStatements") + IntrinsicVpcBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpcBlacklist") + IntrinsicVpcWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpcWhitelist") + IntrinsicVpceBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpceBlacklist") + IntrinsicVpceWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("IntrinsicVpceWhitelist") + IpRangeBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("IpRangeBlacklist") + IpRangeWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("IpRangeWhitelist") + SourceVpcBlacklist: list[Union[str, DictStrAny]] | None = resourcepolicy("SourceVpcBlacklist") + SourceVpcWhitelist: list[Union[str, DictStrAny]] | None = resourcepolicy("SourceVpcWhitelist") class CloudWatchEventProperties(BaseModel): - EventBusName: Optional[PassThroughProp] = cloudwatcheventproperties("EventBusName") - Input: Optional[PassThroughProp] = cloudwatcheventproperties("Input") - InputPath: Optional[PassThroughProp] = cloudwatcheventproperties("InputPath") - Pattern: Optional[PassThroughProp] = cloudwatcheventproperties("Pattern") + EventBusName: PassThroughProp | None = cloudwatcheventproperties("EventBusName") + Input: PassThroughProp | None = cloudwatcheventproperties("Input") + InputPath: PassThroughProp | None = cloudwatcheventproperties("InputPath") + Pattern: PassThroughProp | None = cloudwatcheventproperties("Pattern") class CloudWatchEvent(BaseModel): @@ -115,15 +115,15 @@ class EventBridgeRuleTarget(BaseModel): class EventBridgeRuleEventProperties(BaseModel): - DeadLetterConfig: Optional[DeadLetterConfig] = eventbridgeruleeventproperties("DeadLetterConfig") - EventBusName: Optional[PassThroughProp] = eventbridgeruleeventproperties("EventBusName") - Input: Optional[PassThroughProp] = eventbridgeruleeventproperties("Input") - InputPath: Optional[PassThroughProp] = eventbridgeruleeventproperties("InputPath") - Pattern: Optional[PassThroughProp] = eventbridgeruleeventproperties("Pattern") - RetryPolicy: Optional[PassThroughProp] = eventbridgeruleeventproperties("RetryPolicy") - Target: Optional[EventBridgeRuleTarget] = eventbridgeruleeventproperties("Target") - RuleName: Optional[PassThroughProp] = eventbridgeruleeventproperties("RuleName") - InputTransformer: Optional[PassThroughProp] = passthrough_prop( + DeadLetterConfig: DeadLetterConfig | None = eventbridgeruleeventproperties("DeadLetterConfig") + EventBusName: PassThroughProp | None = eventbridgeruleeventproperties("EventBusName") + Input: PassThroughProp | None = eventbridgeruleeventproperties("Input") + InputPath: PassThroughProp | None = eventbridgeruleeventproperties("InputPath") + Pattern: PassThroughProp | None = eventbridgeruleeventproperties("Pattern") + RetryPolicy: PassThroughProp | None = eventbridgeruleeventproperties("RetryPolicy") + Target: EventBridgeRuleTarget | None = eventbridgeruleeventproperties("Target") + RuleName: PassThroughProp | None = eventbridgeruleeventproperties("RuleName") + InputTransformer: PassThroughProp | None = passthrough_prop( "sam-property-statemachine-statemachineeventbridgerule", "InputTransformer", ["AWS::Events::Rule.Target", "InputTransformer"], @@ -136,18 +136,18 @@ class EventBridgeRuleEvent(BaseModel): class Auth(BaseModel): - ApiKeyRequired: Optional[bool] = apiauth("ApiKeyRequired") - AuthorizationScopes: Optional[List[str]] = apiauth("AuthorizationScopes") - Authorizer: Optional[str] = apiauth("Authorizer") - ResourcePolicy: Optional[ResourcePolicy] = apiauth("ResourcePolicy") + ApiKeyRequired: bool | None = apiauth("ApiKeyRequired") + AuthorizationScopes: list[str] | None = apiauth("AuthorizationScopes") + Authorizer: str | None = apiauth("Authorizer") + ResourcePolicy: ResourcePolicy | None = apiauth("ResourcePolicy") class ApiEventProperties(BaseModel): - Auth: Optional[Auth] = apieventproperties("Auth") + Auth: Auth | None = apieventproperties("Auth") Method: str = apieventproperties("Method") Path: str = apieventproperties("Path") - RestApiId: Optional[SamIntrinsicable[str]] = apieventproperties("RestApiId") - UnescapeMappingTemplate: Optional[bool] = apieventproperties("UnescapeMappingTemplate") + RestApiId: SamIntrinsicable[str] | None = apieventproperties("RestApiId") + UnescapeMappingTemplate: bool | None = apieventproperties("UnescapeMappingTemplate") class ApiEvent(BaseModel): @@ -156,41 +156,32 @@ class ApiEvent(BaseModel): class Properties(BaseModel): - Definition: Optional[DictStrAny] = properties("Definition") - DefinitionSubstitutions: Optional[DictStrAny] = properties("DefinitionSubstitutions") - DefinitionUri: Optional[Union[str, PassThroughProp]] = properties("DefinitionUri") - Events: Optional[ - Dict[ - str, - Union[ - ScheduleEvent, - ScheduleV2Event, - CloudWatchEvent, - EventBridgeRuleEvent, - ApiEvent, - ], - ] - ] = properties("Events") - Logging: Optional[PassThroughProp] = properties("Logging") - Name: Optional[PassThroughProp] = properties("Name") - PermissionsBoundary: Optional[PassThroughProp] = properties("PermissionsBoundary") - Policies: Optional[Union[str, DictStrAny, List[Union[str, DictStrAny]]]] = properties("Policies") - Role: Optional[PassThroughProp] = properties("Role") - RolePath: Optional[PassThroughProp] = properties("RolePath") - Tags: Optional[DictStrAny] = properties("Tags") - PropagateTags: Optional[bool] = properties("PropagateTags") - Tracing: Optional[PassThroughProp] = properties("Tracing") - Type: Optional[PassThroughProp] = properties("Type") - AutoPublishAlias: Optional[PassThroughProp] - DeploymentPreference: Optional[PassThroughProp] - UseAliasAsEventTarget: Optional[bool] + Definition: DictStrAny | None = properties("Definition") + DefinitionSubstitutions: DictStrAny | None = properties("DefinitionSubstitutions") + DefinitionUri: Union[str, PassThroughProp] | None = properties("DefinitionUri") + Events: dict[str, Union[ScheduleEvent, ScheduleV2Event, CloudWatchEvent, EventBridgeRuleEvent, ApiEvent]] | None = ( + properties("Events") + ) + Logging: PassThroughProp | None = properties("Logging") + Name: PassThroughProp | None = properties("Name") + PermissionsBoundary: PassThroughProp | None = properties("PermissionsBoundary") + Policies: Union[str, DictStrAny, list[Union[str, DictStrAny]]] | None = properties("Policies") + Role: PassThroughProp | None = properties("Role") + RolePath: PassThroughProp | None = properties("RolePath") + Tags: DictStrAny | None = properties("Tags") + PropagateTags: bool | None = properties("PropagateTags") + Tracing: PassThroughProp | None = properties("Tracing") + Type: PassThroughProp | None = properties("Type") + AutoPublishAlias: PassThroughProp | None + DeploymentPreference: PassThroughProp | None + UseAliasAsEventTarget: bool | None class Resource(ResourceAttributes): Type: Literal["AWS::Serverless::StateMachine"] Properties: Properties - Connectors: Optional[Dict[str, EmbeddedConnector]] + Connectors: dict[str, EmbeddedConnector] | None class Globals(BaseModel): - PropagateTags: Optional[bool] = properties("PropagateTags") + PropagateTags: bool | None = properties("PropagateTags") diff --git a/samtranslator/internal/schema_source/aws_serverless_websocketapi.py b/samtranslator/internal/schema_source/aws_serverless_websocketapi.py index 1731927694..291c99748e 100644 --- a/samtranslator/internal/schema_source/aws_serverless_websocketapi.py +++ b/samtranslator/internal/schema_source/aws_serverless_websocketapi.py @@ -1,6 +1,6 @@ from __future__ import annotations -from typing import Dict, List, Literal, Optional +from typing import Literal from samtranslator.internal.schema_source.common import ( BaseModel, @@ -27,89 +27,89 @@ class Route53(BaseModel): - EvaluateTargetHealth: Optional[PassThroughProp] = route53("EvaluateTargetHealth") - HostedZoneId: Optional[PassThroughProp] = route53("HostedZoneId") - HostedZoneName: Optional[PassThroughProp] = route53("HostedZoneName") - IpV6: Optional[bool] = route53("IpV6") - Region: Optional[PassThroughProp] = route53("Region") - SetIdentifier: Optional[PassThroughProp] = route53("SetIdentifier") + EvaluateTargetHealth: PassThroughProp | None = route53("EvaluateTargetHealth") + HostedZoneId: PassThroughProp | None = route53("HostedZoneId") + HostedZoneName: PassThroughProp | None = route53("HostedZoneName") + IpV6: bool | None = route53("IpV6") + Region: PassThroughProp | None = route53("Region") + SetIdentifier: PassThroughProp | None = route53("SetIdentifier") class Domain(BaseModel): - BasePath: Optional[List[str]] = domain("BasePath") + BasePath: list[str] | None = domain("BasePath") CertificateArn: PassThroughProp = domain("CertificateArn") DomainName: PassThroughProp = domain("DomainName") - EndpointConfiguration: Optional[SamIntrinsicable[Literal["REGIONAL"]]] = domain("EndpointConfiguration") - MutualTlsAuthentication: Optional[PassThroughProp] = domain("MutualTlsAuthentication") - OwnershipVerificationCertificateArn: Optional[PassThroughProp] = domain("OwnershipVerificationCertificateArn") - Route53: Optional[Route53] = domain("Route53") - SecurityPolicy: Optional[PassThroughProp] = domain("SecurityPolicy") + EndpointConfiguration: SamIntrinsicable[Literal["REGIONAL"]] | None = domain("EndpointConfiguration") + MutualTlsAuthentication: PassThroughProp | None = domain("MutualTlsAuthentication") + OwnershipVerificationCertificateArn: PassThroughProp | None = domain("OwnershipVerificationCertificateArn") + Route53: Route53 | None = domain("Route53") + SecurityPolicy: PassThroughProp | None = domain("SecurityPolicy") class AuthConfig(BaseModel): - AuthArn: Optional[SamIntrinsicable[str]] = auth_spec("AuthArn") + AuthArn: SamIntrinsicable[str] | None = auth_spec("AuthArn") AuthType: PassThroughProp = auth_spec("AuthType") - InvokeRole: Optional[SamIntrinsicable[str]] = auth_spec("InvokeRole") - IdentitySource: Optional[PassThroughProp] = auth_spec("IdentitySource") - Name: Optional[PassThroughProp] = auth_spec("Name") + InvokeRole: SamIntrinsicable[str] | None = auth_spec("InvokeRole") + IdentitySource: PassThroughProp | None = auth_spec("IdentitySource") + Name: PassThroughProp | None = auth_spec("Name") class WebSocketApiRoute(BaseModel): - ApiKeyRequired: Optional[PassThroughProp] = route_spec("ApiKeyRequired") + ApiKeyRequired: PassThroughProp | None = route_spec("ApiKeyRequired") FunctionArn: SamIntrinsicable[str] = route_spec("FunctionArn") - IntegrationTimeout: Optional[PassThroughProp] = route_spec("IntegrationTimeout") - ModelSelectionExpression: Optional[PassThroughProp] = route_spec("ModelSelectionExpression") - OperationName: Optional[PassThroughProp] = route_spec("OperationName") - RequestModels: Optional[PassThroughProp] = route_spec("RequestModels") - RequestParameters: Optional[PassThroughProp] = route_spec("RequestParameters") - RouteResponseSelectionExpression: Optional[PassThroughProp] = route_spec("RouteResponseSelectionExpression") + IntegrationTimeout: PassThroughProp | None = route_spec("IntegrationTimeout") + ModelSelectionExpression: PassThroughProp | None = route_spec("ModelSelectionExpression") + OperationName: PassThroughProp | None = route_spec("OperationName") + RequestModels: PassThroughProp | None = route_spec("RequestModels") + RequestParameters: PassThroughProp | None = route_spec("RequestParameters") + RouteResponseSelectionExpression: PassThroughProp | None = route_spec("RouteResponseSelectionExpression") -ApiKeySelectionExpression = Optional[PassThroughProp] -AccessLogSettings = Optional[PassThroughProp] -DefaultRouteSettings = Optional[PassThroughProp] -IpAddressType = Optional[PassThroughProp] -RouteSettings = Optional[PassThroughProp] -RouteSelectionExpression = Optional[PassThroughProp] -StageVariables = Optional[PassThroughProp] -Tags = Optional[DictStrAny] +ApiKeySelectionExpression = PassThroughProp | None +AccessLogSettings = PassThroughProp | None +DefaultRouteSettings = PassThroughProp | None +IpAddressType = PassThroughProp | None +RouteSettings = PassThroughProp | None +RouteSelectionExpression = PassThroughProp | None +StageVariables = PassThroughProp | None +Tags = DictStrAny | None class Properties(BaseModel): - ApiKeySelectionExpression: Optional[PassThroughProp] = properties("ApiKeySelectionExpression") - AccessLogSettings: Optional[AccessLogSettings] = properties("AccessLogSettings") - Auth: Optional[AuthConfig] = properties("Auth") - DefaultRouteSettings: Optional[RouteSettings] = properties("DefaultRouteSettings") - Description: Optional[str] = properties("Description") - DisableExecuteApiEndpoint: Optional[PassThroughProp] = properties("DisableExecuteApiEndpoint") - Domain: Optional[Domain] = properties("Domain") - DisableSchemaValidation: Optional[bool] = properties("DisableSchemaValidation") - IpAddressType: Optional[PassThroughProp] = properties("IpAddressType") - Name: Optional[PassThroughProp] = properties("Name") - PropagateTags: Optional[bool] = properties("PropagateTags") - Routes: Dict[str, WebSocketApiRoute] = properties("Routes") + ApiKeySelectionExpression: PassThroughProp | None = properties("ApiKeySelectionExpression") + AccessLogSettings: AccessLogSettings | None = properties("AccessLogSettings") + Auth: AuthConfig | None = properties("Auth") + DefaultRouteSettings: RouteSettings | None = properties("DefaultRouteSettings") + Description: str | None = properties("Description") + DisableExecuteApiEndpoint: PassThroughProp | None = properties("DisableExecuteApiEndpoint") + Domain: Domain | None = properties("Domain") + DisableSchemaValidation: bool | None = properties("DisableSchemaValidation") + IpAddressType: PassThroughProp | None = properties("IpAddressType") + Name: PassThroughProp | None = properties("Name") + PropagateTags: bool | None = properties("PropagateTags") + Routes: dict[str, WebSocketApiRoute] = properties("Routes") RouteSelectionExpression: PassThroughProp = properties("RouteSelectionExpression") - RouteSettings: Optional[RouteSettings] = properties("RouteSettings") - StageName: Optional[PassThroughProp] = properties("StageName") - StageVariables: Optional[StageVariables] = properties("StageVariables") - Tags: Optional[Tags] = properties("Tags") + RouteSettings: RouteSettings | None = properties("RouteSettings") + StageName: PassThroughProp | None = properties("StageName") + StageVariables: StageVariables | None = properties("StageVariables") + Tags: Tags | None = properties("Tags") class Globals(BaseModel): - ApiKeySelectionExpression: Optional[str] = properties("ApiKeySelectionExpression") - AccessLogSettings: Optional[AccessLogSettings] = properties("AccessLogSettings") - DefaultRouteSettings: Optional[RouteSettings] = properties("DefaultRouteSettings") - DisableExecuteApiEndpoint: Optional[bool] = properties("DisableExecuteApiEndpoint") - DisableSchemaValidation: Optional[bool] = properties("DisableSchemaValidation") - Domain: Optional[Domain] = properties("Domain") - IpAddressType: Optional[str] = properties("IpAddressType") - PropagateTags: Optional[bool] = properties("PropagateTags") - RouteSettings: Optional[RouteSettings] = properties("RouteSettings") - RouteSelectionExpression: Optional[str] = properties("RouteSelectionExpression") - StageVariables: Optional[StageVariables] = properties("StageVariables") - Tags: Optional[Tags] = properties("Tags") + ApiKeySelectionExpression: str | None = properties("ApiKeySelectionExpression") + AccessLogSettings: AccessLogSettings | None = properties("AccessLogSettings") + DefaultRouteSettings: RouteSettings | None = properties("DefaultRouteSettings") + DisableExecuteApiEndpoint: bool | None = properties("DisableExecuteApiEndpoint") + DisableSchemaValidation: bool | None = properties("DisableSchemaValidation") + Domain: Domain | None = properties("Domain") + IpAddressType: str | None = properties("IpAddressType") + PropagateTags: bool | None = properties("PropagateTags") + RouteSettings: RouteSettings | None = properties("RouteSettings") + RouteSelectionExpression: str | None = properties("RouteSelectionExpression") + StageVariables: StageVariables | None = properties("StageVariables") + Tags: Tags | None = properties("Tags") class Resource(ResourceAttributes): Type: Literal["AWS::Serverless::WebSocketApi"] - Properties: Optional[Properties] + Properties: Properties | None diff --git a/samtranslator/internal/schema_source/common.py b/samtranslator/internal/schema_source/common.py index 617f8f414b..ca9f9bee04 100644 --- a/samtranslator/internal/schema_source/common.py +++ b/samtranslator/internal/schema_source/common.py @@ -1,7 +1,7 @@ import json from functools import partial from pathlib import Path -from typing import Any, Dict, List, Literal, Optional, TypeVar, Union +from typing import Any, Literal, TypeVar, Union from samtranslator.compat import pydantic from samtranslator.model.types import PassThrough @@ -19,13 +19,13 @@ class PassThroughProp(pydantic.BaseModel): # Intrinsic resolvable by the SAM transform T = TypeVar("T") -SamIntrinsicable = Union[Dict[str, Any], T] -SamIntrinsic = Dict[str, Any] +SamIntrinsicable = Union[dict[str, Any], T] +SamIntrinsic = dict[str, Any] # TODO: Get rid of this in favor of proper types -Unknown = Optional[Any] +Unknown = Any | None -DictStrAny = Dict[str, Any] +DictStrAny = dict[str, Any] LenientBaseModel = pydantic.BaseModel @@ -34,14 +34,14 @@ class PassThroughProp(pydantic.BaseModel): # Connector Permissions -PermissionsType = List[Literal["Read", "Write"]] +PermissionsType = list[Literal["Read", "Write"]] def get_prop(stem: str) -> Any: return partial(_get_prop, stem) -def passthrough_prop(sam_docs_stem: str, sam_docs_name: str, prop_path: List[str]) -> Any: +def passthrough_prop(sam_docs_stem: str, sam_docs_name: str, prop_path: list[str]) -> Any: """ Specifies a pass-through field, where resource_type is the CloudFormation resource type, and path is the list of keys to the property. @@ -92,9 +92,9 @@ class Ref(BaseModel): class ResourceAttributes(BaseModel): - DependsOn: Optional[PassThroughProp] - DeletionPolicy: Optional[PassThroughProp] - Metadata: Optional[PassThroughProp] - UpdateReplacePolicy: Optional[PassThroughProp] - Condition: Optional[PassThroughProp] - IgnoreGlobals: Optional[Union[str, List[str]]] + DependsOn: PassThroughProp | None + DeletionPolicy: PassThroughProp | None + Metadata: PassThroughProp | None + UpdateReplacePolicy: PassThroughProp | None + Condition: PassThroughProp | None + IgnoreGlobals: Union[str, list[str]] | None diff --git a/samtranslator/internal/schema_source/sam-docs.json b/samtranslator/internal/schema_source/sam-docs.json index 61d720090f..7804e0032c 100644 --- a/samtranslator/internal/schema_source/sam-docs.json +++ b/samtranslator/internal/schema_source/sam-docs.json @@ -49,6 +49,7 @@ "CertificateArn": "The Amazon Resource Name (https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/ARN.html) of an AWS managed certificate this domain name's endpoint. AWS Certificate Manager is the only supported source. \n*Type*: String \n*Required*: Yes \n*CloudFormation compatibility*: This property is similar to the [`CertificateArn`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-certificatearn) property of an `AWS::ApiGateway::DomainName` resource. If `EndpointConfiguration` is set to `REGIONAL` (the default value), `CertificateArn` maps to [RegionalCertificateArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-regionalcertificatearn) in `AWS::ApiGateway::DomainName`. If the `EndpointConfiguration` is set to `EDGE`, `CertificateArn` maps to [CertificateArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-certificatearn) in `AWS::ApiGateway::DomainName`. If `EndpointConfiguration` is set to `PRIVATE`, this property is passed to the [AWS::ApiGateway::DomainNameV2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2) resource. \n*Additional notes*: For an `EDGE` endpoint, you must create the certificate in the `us-east-1` AWS Region.", "DomainName": "The custom domain name for your API Gateway API. Uppercase letters are not supported. \nAWS SAM generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html) resource when this property is set. For information about this scenario, see [DomainName property is specified](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources-api.html#sam-specification-generated-resources-api-domain-name). For information about generated CloudFormation resources, see [Generated CloudFormation resources for AWS SAM](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html). \n*Type*: String \n*Required*: Yes \n*CloudFormation compatibility*: This property is passed directly to the [`DomainName`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-domainname) property of an `AWS::ApiGateway::DomainName` resource, or to [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2) when EndpointConfiguration is set to `PRIVATE`.", "EndpointConfiguration": "Defines the type of API Gateway endpoint to map to the custom domain. The value of this property determines how the `CertificateArn` property is mapped in CloudFormation. \n*Valid values*: `EDGE`, `REGIONAL`, or `PRIVATE` \n*Type*: String \n*Required*: No \n*Default*: `REGIONAL` \n*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.", + "EndpointAccessMode": "The endpoint access mode for the custom domain name. \n*Type*: String \n*Required*: No \n*CloudFormation compatibility*: This property is passed directly to the [`EndpointAccessMode`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-endpointaccessmode) property of an `AWS::ApiGateway::DomainName` resource, or to `AWS::ApiGateway::DomainNameV2` when `EndpointConfiguration` is set to `PRIVATE`.", "MutualTlsAuthentication": "The mutual Transport Layer Security (https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/TLS.html) authentication configuration for a custom domain name. \n*Type*: [MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-mutualtlsauthentication) \n*Required*: No \n*CloudFormation compatibility*: This property is passed directly to the [`MutualTlsAuthentication`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-mutualtlsauthentication) property of an `AWS::ApiGateway::DomainName` resource.", "NormalizeBasePath": "Indicates whether non-alphanumeric characters are allowed in basepaths defined by the `BasePath` property. When set to `True`, non-alphanumeric characters are removed from basepaths. \nUse `NormalizeBasePath` with the `BasePath` property. \n*Type*: Boolean \n*Required*: No \n*Default*: True \n*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.", "OwnershipVerificationCertificateArn": "The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Required only when you configure mutual TLS and you specify an ACM imported or private CA certificate ARN for the `CertificateArn`. \n*Type*: String \n*Required*: No \n*CloudFormation compatibility*: This property is passed directly to the [`OwnershipVerificationCertificateArn`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-ownershipverificationcertificatearn) property of an `AWS::ApiGateway::DomainName` resource.", @@ -741,6 +742,7 @@ "Description": "A description of the Api resource. \n*Type*: String \n*Required*: No \n*CloudFormation compatibility*: This property is passed directly to the [`Description`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-description) property of an `AWS::ApiGateway::RestApi` resource.", "DisableExecuteApiEndpoint": "Specifies whether clients can invoke your API by using the default `execute-api` endpoint. By default, clients can invoke your API with the default `https://{api_id}.execute-api.{region}.amazonaws.com`. To require that clients use a custom domain name to invoke your API, specify `True`. \n*Type*: Boolean \n*Required*: No \n*CloudFormation compatibility*: This property is similar to the `[ DisableExecuteApiEndpoint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-disableexecuteapiendpoint)` property of an `AWS::ApiGateway::RestApi` resource. It is passed directly to the `disableExecuteApiEndpoint` property of an `[ x-amazon-apigateway-endpoint-configuration](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html)` extension, which gets added to the ` [ Body](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-body)` property of an `AWS::ApiGateway::RestApi` resource.", "Domain": "Configures a custom domain for this API Gateway API. \n*Type*: [DomainConfiguration](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-domainconfiguration.html) \n*Required*: No \n*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.", + "EndpointAccessMode": "The endpoint access mode for the RestApi. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`EndpointAccessMode`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-endpointaccessmode) property of an `AWS::ApiGateway::RestApi` resource.", "EndpointConfiguration": "The endpoint type of a REST API. \n*Type*: [EndpointConfiguration](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-endpointconfiguration.html) \n*Required*: No \n*CloudFormation compatibility*: This property is similar to the [`EndpointConfiguration`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-endpointconfiguration) property of an `AWS::ApiGateway::RestApi` resource. The nested configuration properties are named differently.", "FailOnWarnings": "Specifies whether to roll back the API creation (`true`) or not (`false`) when a warning is encountered. The default value is `false`. \n*Type*: Boolean \n*Required*: No \n*CloudFormation compatibility*: This property is passed directly to the [`FailOnWarnings`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-failonwarnings) property of an `AWS::ApiGateway::RestApi` resource.", "GatewayResponses": "Configures Gateway Responses for an API. Gateway Responses are responses returned by API Gateway, either directly or through the use of Lambda Authorizers. For more information, see the documentation for the [Api Gateway OpenApi extension for Gateway Responses](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-gateway-responses.html). \n*Type*: Map \n*Required*: No \n*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.", diff --git a/samtranslator/internal/schema_source/schema.py b/samtranslator/internal/schema_source/schema.py index 6794ee52a3..3cf05c30e5 100644 --- a/samtranslator/internal/schema_source/schema.py +++ b/samtranslator/internal/schema_source/schema.py @@ -2,9 +2,10 @@ import argparse import json +from collections.abc import Callable from copy import deepcopy from pathlib import Path -from typing import Any, Callable, Dict, List, Optional, Type, Union +from typing import Any, Union from samtranslator.compat import pydantic from samtranslator.internal.schema_source import ( @@ -25,14 +26,14 @@ class Globals(BaseModel): - Function: Optional[aws_serverless_function.Globals] - Api: Optional[aws_serverless_api.Globals] - HttpApi: Optional[aws_serverless_httpapi.Globals] - WebSocketApi: Optional[aws_serverless_websocketapi.Globals] - SimpleTable: Optional[aws_serverless_simpletable.Globals] - StateMachine: Optional[aws_serverless_statemachine.Globals] - LayerVersion: Optional[aws_serverless_layerversion.Globals] - CapacityProvider: Optional[aws_serverless_capacity_provider.Globals] + Function: aws_serverless_function.Globals | None + Api: aws_serverless_api.Globals | None + HttpApi: aws_serverless_httpapi.Globals | None + WebSocketApi: aws_serverless_websocketapi.Globals | None + SimpleTable: aws_serverless_simpletable.Globals | None + StateMachine: aws_serverless_statemachine.Globals | None + LayerVersion: aws_serverless_layerversion.Globals | None + CapacityProvider: aws_serverless_capacity_provider.Globals | None Resources = Union[ @@ -51,11 +52,11 @@ class Globals(BaseModel): class _ModelWithoutResources(LenientBaseModel): - Globals: Optional[Globals] + Globals: Globals | None class SamModel(_ModelWithoutResources): - Resources: Dict[ + Resources: dict[ str, Union[ Resources, @@ -66,10 +67,10 @@ class SamModel(_ModelWithoutResources): class Model(_ModelWithoutResources): - Resources: Dict[str, Resources] + Resources: dict[str, Resources] -def get_schema(model: Type[pydantic.BaseModel]) -> Dict[str, Any]: +def get_schema(model: type[pydantic.BaseModel]) -> dict[str, Any]: obj = model.schema() # http://json-schema.org/understanding-json-schema/reference/schema.html#schema @@ -89,7 +90,7 @@ def json_dumps(obj: Any) -> str: return json.dumps(obj, indent=2, sort_keys=True) + "\n" -def _replace_in_dict(d: Dict[str, Any], keyword: str, replace: Callable[[Dict[str, Any]], Any]) -> Dict[str, Any]: +def _replace_in_dict(d: dict[str, Any], keyword: str, replace: Callable[[dict[str, Any]], Any]) -> dict[str, Any]: """ Replace any dict containing keyword. @@ -103,7 +104,7 @@ def _replace_in_dict(d: Dict[str, Any], keyword: str, replace: Callable[[Dict[st return d -def _deep_get(d: Dict[str, Any], path: List[str]) -> Dict[str, Any]: +def _deep_get(d: dict[str, Any], path: list[str]) -> dict[str, Any]: """ Returns value at path defined by the keys in `path`. """ @@ -112,7 +113,7 @@ def _deep_get(d: Dict[str, Any], path: List[str]) -> Dict[str, Any]: return d -def _add_embedded_connectors(schema: Dict[str, Any]) -> None: +def _add_embedded_connectors(schema: dict[str, Any]) -> None: """ Add embedded Connectors resource attribute to supported CloudFormation resources. """ @@ -129,7 +130,7 @@ def _add_embedded_connectors(schema: Dict[str, Any]) -> None: schema["definitions"][resource]["properties"]["Connectors"] = embedded_connector -def extend_with_cfn_schema(sam_schema: Dict[str, Any], cfn_schema: Dict[str, Any]) -> None: +def extend_with_cfn_schema(sam_schema: dict[str, Any], cfn_schema: dict[str, Any]) -> None: """ Add CloudFormation resources and template syntax to SAM schema. """ @@ -158,7 +159,7 @@ def extend_with_cfn_schema(sam_schema: Dict[str, Any], cfn_schema: Dict[str, Any _add_embedded_connectors(sam_schema) # Inject CloudFormation documentation to SAM pass-through properties - def replace_passthrough(d: Dict[str, Any]) -> Dict[str, Any]: + def replace_passthrough(d: dict[str, Any]) -> dict[str, Any]: passthrough = d["__samPassThrough"] schema = deepcopy(_deep_get(cfn_schema, passthrough["schemaPath"])) schema["markdownDescription"] = passthrough["markdownDescriptionOverride"] diff --git a/samtranslator/internal/types.py b/samtranslator/internal/types.py index ff5b1e2e17..b71f936308 100644 --- a/samtranslator/internal/types.py +++ b/samtranslator/internal/types.py @@ -1,4 +1,4 @@ -from typing import Callable, Dict +from collections.abc import Callable # Function to retrieve name-to-ARN managed policy map -GetManagedPolicyMap = Callable[[], Dict[str, str]] +GetManagedPolicyMap = Callable[[], dict[str, str]] diff --git a/samtranslator/internal/utils/utils.py b/samtranslator/internal/utils/utils.py index 89d165a6b3..8be14c53c5 100644 --- a/samtranslator/internal/utils/utils.py +++ b/samtranslator/internal/utils/utils.py @@ -1,15 +1,15 @@ -from typing import Any, Dict, Optional, cast +from typing import Any, cast from samtranslator.internal.schema_source.common import PassThroughProp from samtranslator.model.types import PassThrough -def remove_none_values(d: Dict[Any, Any]) -> Dict[Any, Any]: +def remove_none_values(d: dict[Any, Any]) -> dict[Any, Any]: """Returns a copy of the dictionary with no items that have the value None.""" return {k: v for k, v in d.items() if v is not None} -def passthrough_value(v: Optional[PassThroughProp]) -> PassThrough: +def passthrough_value(v: PassThroughProp | None) -> PassThrough: """ Cast PassThroughProp values to PassThrough. diff --git a/samtranslator/intrinsics/actions.py b/samtranslator/intrinsics/actions.py index 3018bf907b..13617be944 100644 --- a/samtranslator/intrinsics/actions.py +++ b/samtranslator/intrinsics/actions.py @@ -1,11 +1,12 @@ import re from abc import ABC -from typing import Any, Callable, Dict, List, Optional, Tuple +from collections.abc import Callable +from typing import Any from samtranslator.model.exceptions import InvalidDocumentException, InvalidTemplateException -def _get_parameter_value(parameters: Dict[str, Any], param_name: str, default: Any = None) -> Any: +def _get_parameter_value(parameters: dict[str, Any], param_name: str, default: Any = None) -> Any: """ Get parameter value from parameters dict, but return default (None) if - it's a CloudFormation internal placeholder. @@ -42,25 +43,23 @@ class Action(ABC): _resource_ref_separator = "." intrinsic_name: str - def resolve_parameter_refs( # noqa: B027 - self, input_dict: Optional[Any], parameters: Dict[str, Any] - ) -> Optional[Any]: + def resolve_parameter_refs(self, input_dict: Any | None, parameters: dict[str, Any]) -> Any | None: # noqa: B027 """ Subclass optionally implement this method to resolve the intrinsic function TODO: input_dict should not be None. """ def resolve_resource_refs( # noqa: B027 - self, input_dict: Optional[Any], supported_resource_refs: Dict[str, Any] - ) -> Optional[Any]: + self, input_dict: Any | None, supported_resource_refs: dict[str, Any] + ) -> Any | None: """ Subclass optionally implement this method to resolve resource references TODO: input_dict should not be None. """ def resolve_resource_id_refs( # noqa: B027 - self, input_dict: Optional[Any], supported_resource_id_refs: Dict[str, Any] - ) -> Optional[Any]: + self, input_dict: Any | None, supported_resource_id_refs: dict[str, Any] + ) -> Any | None: """ Subclass optionally implement this method to resolve resource references TODO: input_dict should not be None. @@ -77,7 +76,7 @@ def can_handle(self, input_dict: Any) -> bool: return isinstance(input_dict, dict) and len(input_dict) == 1 and self.intrinsic_name in input_dict @classmethod - def _parse_resource_reference(cls, ref_value: Any) -> Tuple[Optional[str], Optional[str]]: + def _parse_resource_reference(cls, ref_value: Any) -> tuple[str | None, str | None]: """ Splits a resource reference of structure "LogicalId.Property" and returns the "LogicalId" and "Property" separately. @@ -109,7 +108,7 @@ def _parse_resource_reference(cls, ref_value: Any) -> Tuple[Optional[str], Optio class RefAction(Action): intrinsic_name = "Ref" - def resolve_parameter_refs(self, input_dict: Optional[Any], parameters: Dict[str, Any]) -> Optional[Any]: + def resolve_parameter_refs(self, input_dict: Any | None, parameters: dict[str, Any]) -> Any | None: """ Resolves references that are present in the parameters and returns the value. If it is not in parameters, this method simply returns the input unchanged. @@ -132,9 +131,7 @@ def resolve_parameter_refs(self, input_dict: Optional[Any], parameters: Dict[str # It returns the original input unchanged if the parameter is a CloudFormation internal placeholder return _get_parameter_value(parameters, param_name, input_dict) - def resolve_resource_refs( - self, input_dict: Optional[Any], supported_resource_refs: Dict[str, Any] - ) -> Optional[Any]: + def resolve_resource_refs(self, input_dict: Any | None, supported_resource_refs: dict[str, Any]) -> Any | None: """ Resolves references to some property of a resource. These are runtime properties which can't be converted to a value here. Instead we output another reference that will more actually resolve to the value when @@ -166,8 +163,8 @@ def resolve_resource_refs( return {self.intrinsic_name: resolved_value} def resolve_resource_id_refs( - self, input_dict: Optional[Any], supported_resource_id_refs: Dict[str, Any] - ) -> Optional[Any]: + self, input_dict: Any | None, supported_resource_id_refs: dict[str, Any] + ) -> Any | None: """ Updates references to the old logical id of a resource to the new (generated) logical id. @@ -198,7 +195,7 @@ def resolve_resource_id_refs( class SubAction(Action): intrinsic_name = "Fn::Sub" - def resolve_parameter_refs(self, input_dict: Optional[Any], parameters: Dict[str, Any]) -> Optional[Any]: + def resolve_parameter_refs(self, input_dict: Any | None, parameters: dict[str, Any]) -> Any | None: """ Substitute references found within the string of `Fn::Sub` intrinsic function @@ -224,9 +221,7 @@ def do_replacement(full_ref: str, prop_name: str) -> Any: return self._handle_sub_action(input_dict, do_replacement) - def resolve_resource_refs( - self, input_dict: Optional[Any], supported_resource_refs: Dict[str, Any] - ) -> Optional[Any]: + def resolve_resource_refs(self, input_dict: Any | None, supported_resource_refs: dict[str, Any]) -> Any | None: """ Resolves reference to some property of a resource. Inside string to be substituted, there could be either a "Ref" or a "GetAtt" usage of this property. They have to be handled differently. @@ -286,8 +281,8 @@ def do_replacement(full_ref: str, ref_value: str) -> str: return self._handle_sub_action(input_dict, do_replacement) def resolve_resource_id_refs( - self, input_dict: Optional[Any], supported_resource_id_refs: Dict[str, Any] - ) -> Optional[Any]: + self, input_dict: Any | None, supported_resource_id_refs: dict[str, Any] + ) -> Any | None: """ Resolves reference to some property of a resource. Inside string to be substituted, there could be either a "Ref" or a "GetAtt" usage of this property. They have to be handled differently. @@ -343,9 +338,7 @@ def do_replacement(full_ref: str, ref_value: str) -> str: return self._handle_sub_action(input_dict, do_replacement) - def _handle_sub_action( - self, input_dict: Optional[Dict[Any, Any]], handler: Callable[[str, str], str] - ) -> Optional[Any]: + def _handle_sub_action(self, input_dict: dict[Any, Any] | None, handler: Callable[[str, str], str]) -> Any | None: """ Handles resolving replacements in the Sub action based on the handler that is passed as an input. @@ -436,13 +429,11 @@ class GetAttAction(Action): _MIN_NUM_ARGUMENTS = 2 - def resolve_parameter_refs(self, input_dict: Optional[Any], parameters: Dict[str, Any]) -> Optional[Any]: + def resolve_parameter_refs(self, input_dict: Any | None, parameters: dict[str, Any]) -> Any | None: # Parameters can never be referenced within GetAtt value return input_dict - def resolve_resource_refs( - self, input_dict: Optional[Any], supported_resource_refs: Dict[str, Any] - ) -> Optional[Any]: + def resolve_resource_refs(self, input_dict: Any | None, supported_resource_refs: dict[str, Any]) -> Any | None: """ Resolve resource references within a GetAtt dict. @@ -496,8 +487,8 @@ def resolve_resource_refs( return self._get_resolved_dictionary(input_dict, key, resolved_value, remaining) def resolve_resource_id_refs( - self, input_dict: Optional[Any], supported_resource_id_refs: Dict[str, Any] - ) -> Optional[Any]: + self, input_dict: Any | None, supported_resource_id_refs: dict[str, Any] + ) -> Any | None: """ Resolve resource references within a GetAtt dict. @@ -549,8 +540,8 @@ def _check_input_value(self, value: Any) -> bool: return all(isinstance(item, str) for item in value) def _get_resolved_dictionary( - self, input_dict: Optional[Dict[str, Any]], key: str, resolved_value: Optional[str], remaining: List[str] - ) -> Optional[Any]: + self, input_dict: dict[str, Any] | None, key: str, resolved_value: str | None, remaining: list[str] + ) -> Any | None: """ Resolves the function and returns the updated dictionary @@ -576,7 +567,7 @@ class FindInMapAction(Action): _NUM_ARGUMENTS = 3 - def resolve_parameter_refs(self, input_dict: Optional[Any], parameters: Dict[str, Any]) -> Optional[Any]: + def resolve_parameter_refs(self, input_dict: Any | None, parameters: dict[str, Any]) -> Any | None: """ Recursively resolves "Fn::FindInMap"references that are present in the mappings and returns the value. If it is not in mappings, this method simply returns the input unchanged. diff --git a/samtranslator/intrinsics/resolver.py b/samtranslator/intrinsics/resolver.py index e510ab40e9..c47218672e 100644 --- a/samtranslator/intrinsics/resolver.py +++ b/samtranslator/intrinsics/resolver.py @@ -1,5 +1,6 @@ # Help resolve intrinsic functions -from typing import Any, Callable, Dict, List, Optional, Union, cast +from collections.abc import Callable +from typing import Any, Union, cast from samtranslator.intrinsics.actions import Action, GetAttAction, RefAction, SubAction from samtranslator.intrinsics.resource_refs import SupportedResourceReferences @@ -10,7 +11,7 @@ class IntrinsicsResolver: - def __init__(self, parameters: Dict[str, Any], supported_intrinsics: Optional[Dict[str, Any]] = None) -> None: + def __init__(self, parameters: dict[str, Any], supported_intrinsics: dict[str, Any] | None = None) -> None: """ Instantiate the resolver :param dict parameters: Map of parameter names to their values @@ -48,8 +49,8 @@ def resolve_parameter_refs(self, _input: Any) -> Any: return self._traverse(_input, self.parameters, self._try_resolve_parameter_refs) def resolve_sam_resource_refs( - self, _input: Dict[str, Any], supported_resource_refs: SupportedResourceReferences - ) -> Dict[str, Any]: + self, _input: dict[str, Any], supported_resource_refs: SupportedResourceReferences + ) -> dict[str, Any]: """ Customers can provide a reference to a "derived" SAM resource such as Alias of a Function or Stage of an API resource. This method recursively walks the tree, converting all derived references to the real resource name, @@ -69,14 +70,14 @@ def resolve_sam_resource_refs( directly resolving references. In subsequent recursions, this will be a fragment of the CFN template. :param SupportedResourceReferences supported_resource_refs: Object that contains information about the resource references supported in this SAM template, along with the value they should resolve to. - :return list errors: List of dictionary containing information about invalid reference. Empty list otherwise + :return list errors: list of dictionary containing information about invalid reference. Empty list otherwise """ - # The _traverse() return type is the same as the input. Here the input is Dict[str, Any] + # The _traverse() return type is the same as the input. Here the input is dict[str, Any] return cast( - Dict[str, Any], self._traverse(_input, supported_resource_refs, self._try_resolve_sam_resource_refs) + dict[str, Any], self._traverse(_input, supported_resource_refs, self._try_resolve_sam_resource_refs) ) - def resolve_sam_resource_id_refs(self, _input: Dict[str, Any], supported_resource_id_refs: Dict[str, str]) -> Any: + def resolve_sam_resource_id_refs(self, _input: dict[str, Any], supported_resource_id_refs: dict[str, str]) -> Any: """ Some SAM resources have their logical ids mutated from the original id that the customer writes in the template. This method recursively walks the tree and updates these logical ids from the old value @@ -95,15 +96,15 @@ def resolve_sam_resource_id_refs(self, _input: Dict[str, Any], supported_resourc :param dict input: CFN template that needs resolution. This method will modify the input directly resolving references. In subsequent recursions, this will be a fragment of the CFN template. :param dict supported_resource_id_refs: Dictionary that maps old logical ids to new ones. - :return list errors: List of dictionary containing information about invalid reference. Empty list otherwise + :return list errors: list of dictionary containing information about invalid reference. Empty list otherwise """ return self._traverse(_input, supported_resource_id_refs, self._try_resolve_sam_resource_id_refs) def _traverse( self, input_value: Any, - resolution_data: Union[Dict[str, Any], SupportedResourceReferences], - resolver_method: Callable[[Dict[str, Any], Any], Any], + resolution_data: Union[dict[str, Any], SupportedResourceReferences], + resolver_method: Callable[[dict[str, Any], Any], Any], ) -> Any: """ Driver method that performs the actual traversal of input and calls the appropriate `resolver_method` when @@ -127,7 +128,7 @@ def _traverse( # Traversal Algorithm: # # Imagine the input dictionary/list as a tree. We are doing a Pre-Order tree traversal here where we first - # process the root node before going to its children. Dict and Lists are the only two iterable nodes. + # process the root node before going to its children. dict and Lists are the only two iterable nodes. # Everything else is a leaf node. # # We do a Pre-Order traversal to handle the case where `input` contains intrinsic function as its only child @@ -150,9 +151,9 @@ def _traverse( def _traverse_dict( self, - input_dict: Dict[str, Any], - resolution_data: Union[Dict[str, Any], SupportedResourceReferences], - resolver_method: Callable[[Dict[str, Any], Any], Any], + input_dict: dict[str, Any], + resolution_data: Union[dict[str, Any], SupportedResourceReferences], + resolver_method: Callable[[dict[str, Any], Any], Any], ) -> Any: """ Traverse a dictionary to resolve intrinsic functions on every value @@ -169,14 +170,14 @@ def _traverse_dict( def _traverse_list( self, - input_list: List[Any], - resolution_data: Union[Dict[str, Any], SupportedResourceReferences], - resolver_method: Callable[[Dict[str, Any], Any], Any], + input_list: list[Any], + resolution_data: Union[dict[str, Any], SupportedResourceReferences], + resolver_method: Callable[[dict[str, Any], Any], Any], ) -> Any: """ Traverse a list to resolve intrinsic functions on every element - :param input_list: List of input + :param input_list: list of input :param resolution_data: Data that the `resolver_method` needs to operate :param resolver_method: Method that can actually resolve an intrinsic function, if it detects one :return: Modified list with intrinsic functions resolved @@ -186,7 +187,7 @@ def _traverse_list( return input_list - def _try_resolve_parameter_refs(self, _input: Dict[str, Any], parameters: Dict[str, Any]) -> Any: + def _try_resolve_parameter_refs(self, _input: dict[str, Any], parameters: dict[str, Any]) -> Any: """ Try to resolve parameter references on the given input object. The object could be of any type. If the input is not in the format used by intrinsics (ie. dictionary with one key), input is returned @@ -204,7 +205,7 @@ def _try_resolve_parameter_refs(self, _input: Dict[str, Any], parameters: Dict[s return self.supported_intrinsics[function_type].resolve_parameter_refs(_input, parameters) def _try_resolve_sam_resource_refs( - self, _input: Dict[str, Any], supported_resource_refs: SupportedResourceReferences + self, _input: dict[str, Any], supported_resource_refs: SupportedResourceReferences ) -> Any: """ Try to resolve SAM resource references on the given template. If the given object looks like one of the @@ -223,7 +224,7 @@ def _try_resolve_sam_resource_refs( return self.supported_intrinsics[function_type].resolve_resource_refs(_input, supported_resource_refs) def _try_resolve_sam_resource_id_refs( - self, _input: Dict[str, Any], supported_resource_id_refs: Dict[str, str] + self, _input: dict[str, Any], supported_resource_id_refs: dict[str, str] ) -> Any: """ Try to resolve SAM resource id references on the given template. If the given object looks like one of the @@ -240,7 +241,7 @@ def _try_resolve_sam_resource_id_refs( function_type = next(iter(_input.keys())) return self.supported_intrinsics[function_type].resolve_resource_id_refs(_input, supported_resource_id_refs) - def _is_intrinsic_dict(self, _input: Dict[str, Any]) -> bool: + def _is_intrinsic_dict(self, _input: dict[str, Any]) -> bool: """ Can the _input represent an intrinsic function in it? diff --git a/samtranslator/intrinsics/resource_refs.py b/samtranslator/intrinsics/resource_refs.py index 59b42f51c7..24971f481e 100644 --- a/samtranslator/intrinsics/resource_refs.py +++ b/samtranslator/intrinsics/resource_refs.py @@ -1,4 +1,4 @@ -from typing import Any, Dict +from typing import Any class SupportedResourceReferences: @@ -11,7 +11,7 @@ class SupportedResourceReferences: def __init__(self) -> None: # This is a two level map like: # { "LogicalId": {"Property": "Value"} } - self._refs: Dict[str, Dict[str, Any]] = {} + self._refs: dict[str, dict[str, Any]] = {} def add(self, logical_id, property_name, value): # type: ignore[no-untyped-def] """ diff --git a/samtranslator/metrics/method_decorator.py b/samtranslator/metrics/method_decorator.py index fa152b1b7f..32e271a0c0 100644 --- a/samtranslator/metrics/method_decorator.py +++ b/samtranslator/metrics/method_decorator.py @@ -4,8 +4,9 @@ import functools import logging +from collections.abc import Callable from datetime import datetime -from typing import Callable, Optional, TypeVar, Union, overload +from typing import TypeVar, Union, overload from typing_extensions import ParamSpec @@ -84,18 +85,16 @@ def _send_cw_metric(prefix, name, execution_time_ms, func, args): # type: ignor @overload def cw_timer( - *, name: Optional[str] = None, prefix: Optional[str] = None + *, name: str | None = None, prefix: str | None = None ) -> Callable[[Callable[_PT, _RT]], Callable[_PT, _RT]]: ... @overload -def cw_timer( - _func: Callable[_PT, _RT], name: Optional[str] = None, prefix: Optional[str] = None -) -> Callable[_PT, _RT]: ... +def cw_timer(_func: Callable[_PT, _RT], name: str | None = None, prefix: str | None = None) -> Callable[_PT, _RT]: ... def cw_timer( - _func: Optional[Callable[_PT, _RT]] = None, name: Optional[str] = None, prefix: Optional[str] = None + _func: Callable[_PT, _RT] | None = None, name: str | None = None, prefix: str | None = None ) -> Union[Callable[_PT, _RT], Callable[[Callable[_PT, _RT]], Callable[_PT, _RT]]]: """ A method decorator, that will calculate execution time of the decorated method, and store this information as a diff --git a/samtranslator/metrics/metrics.py b/samtranslator/metrics/metrics.py index 72da530b73..e9b318c060 100644 --- a/samtranslator/metrics/metrics.py +++ b/samtranslator/metrics/metrics.py @@ -5,7 +5,7 @@ import logging from abc import ABC, abstractmethod from datetime import datetime, timezone -from typing import Any, Dict, List, Optional, TypedDict, Union +from typing import Any, TypedDict, Union from samtranslator.internal.deprecation_control import deprecated @@ -16,7 +16,7 @@ class MetricsPublisher(ABC): """Interface for all MetricPublishers""" @abstractmethod - def publish(self, namespace: str, metrics: List["MetricDatum"]) -> None: + def publish(self, namespace: str, metrics: list["MetricDatum"]) -> None: """ Abstract method to publish all metrics to CloudWatch @@ -70,7 +70,7 @@ class DummyMetricsPublisher(MetricsPublisher): def __init__(self) -> None: MetricsPublisher.__init__(self) - def publish(self, namespace: str, metrics: List["MetricDatum"]) -> None: + def publish(self, namespace: str, metrics: list["MetricDatum"]) -> None: """Do not publish any metric, this is a dummy publisher used for offline use.""" LOG.debug(f"Dummy publisher ignoring {len(metrics)} metrices") @@ -99,8 +99,8 @@ def __init__( name: str, value: Union[int, float], unit: str, - dimensions: Optional[List["MetricDimension"]] = None, - timestamp: Optional[datetime] = None, + dimensions: list["MetricDimension"] | None = None, + timestamp: datetime | None = None, ) -> None: """ Constructor @@ -117,7 +117,7 @@ def __init__( self.dimensions = dimensions if dimensions else [] self.timestamp = timestamp if timestamp else datetime.now(timezone.utc) - def get_metric_data(self) -> Dict[str, Any]: + def get_metric_data(self) -> dict[str, Any]: return { "MetricName": self.name, "Value": self.value, @@ -134,7 +134,7 @@ class MetricDimension(TypedDict): class Metrics: def __init__( - self, namespace: str = "ServerlessTransform", metrics_publisher: Optional[MetricsPublisher] = None + self, namespace: str = "ServerlessTransform", metrics_publisher: MetricsPublisher | None = None ) -> None: """ Constructor @@ -143,7 +143,7 @@ def __init__( :param metrics_publisher: publisher to publish all metrics """ self.metrics_publisher = metrics_publisher if metrics_publisher else DummyMetricsPublisher() - self.metrics_cache: Dict[str, List[MetricDatum]] = {} + self.metrics_cache: dict[str, list[MetricDatum]] = {} self.namespace = namespace def __del__(self) -> None: @@ -159,8 +159,8 @@ def _record_metric( name: str, value: Union[int, float], unit: str, - dimensions: Optional[List["MetricDimension"]] = None, - timestamp: Optional[datetime] = None, + dimensions: list["MetricDimension"] | None = None, + timestamp: datetime | None = None, ) -> None: """ Create and save metric object in internal cache. @@ -177,8 +177,8 @@ def record_count( self, name: str, value: int, - dimensions: Optional[List["MetricDimension"]] = None, - timestamp: Optional[datetime] = None, + dimensions: list["MetricDimension"] | None = None, + timestamp: datetime | None = None, ) -> None: """ Create metric with unit Count. @@ -195,8 +195,8 @@ def record_latency( self, name: str, value: Union[int, float], - dimensions: Optional[List["MetricDimension"]] = None, - timestamp: Optional[datetime] = None, + dimensions: list["MetricDimension"] | None = None, + timestamp: datetime | None = None, ) -> None: """ Create metric with unit Milliseconds. @@ -219,11 +219,11 @@ def publish(self) -> None: self.metrics_publisher.publish(self.namespace, all_metrics) self.metrics_cache = {} - def get_metric(self, name: str) -> List[MetricDatum]: + def get_metric(self, name: str) -> list[MetricDatum]: """ Returns a list of metrics from the internal cache for a metric name :param name: metric name - :returns: List (possibly empty) of MetricDatum objects + :returns: list (possibly empty) of MetricDatum objects """ return self.metrics_cache.get(name, []) diff --git a/samtranslator/model/__init__.py b/samtranslator/model/__init__.py index be2682a2e1..5f04e3ad3b 100644 --- a/samtranslator/model/__init__.py +++ b/samtranslator/model/__init__.py @@ -3,9 +3,10 @@ import inspect import re from abc import ABC, ABCMeta, abstractmethod +from collections.abc import Callable from contextlib import suppress from enum import Enum -from typing import Any, Callable, Dict, List, Optional, Tuple, Type, TypeVar +from typing import Any, TypeVar from samtranslator.compat import pydantic from samtranslator.model.exceptions import ( @@ -23,7 +24,7 @@ class StringEnumExpectedType: """Expected type wrapper for string enum validators.""" - def __init__(self, enum_values: List[str]): + def __init__(self, enum_values: list[str]): # Format description based on number of values num_values = len(enum_values) if num_values == 1: @@ -67,7 +68,7 @@ def __init__( self.supports_intrinsics = supports_intrinsics self.expected_type = self._resolve_expected_type(validate) - def _resolve_expected_type(self, validate: Validator) -> Optional[Any]: + def _resolve_expected_type(self, validate: Validator) -> Any | None: """Resolve expected_type from validator attribute or default mapping.""" # Check if validator has enum_values attribute (from IS_STR_ENUM) if hasattr(validate, "enum_values"): @@ -138,7 +139,7 @@ class Resource(ABC): # two lines to avoid any potential behavior change. # TODO: Make `Resource` an abstract class and not giving `resource_type`/`property_types` initial value. resource_type: str = None # type: ignore - property_types: Dict[str, PropertyType] = None # type: ignore + property_types: dict[str, PropertyType] = None # type: ignore _keywords = {"logical_id", "relative_id", "depends_on", "resource_attributes"} # For attributes in this list, they will be passed into the translated template for the same resource itself. @@ -154,20 +155,20 @@ class Resource(ABC): # attrs = { # "arn": fnGetAtt(self.logical_id, "Arn") # } - runtime_attrs: Dict[str, Callable[["Resource"], Any]] = {} # TODO: replace Any with something more explicit + runtime_attrs: dict[str, Callable[["Resource"], Any]] = {} # TODO: replace Any with something more explicit # When "validate_setattr" is True, we cannot change the value of any class variables after instantiation unless they # are in "property_types" or "_keywords". We can set this to False in the inheriting class definition so we can # update other class variables as well after instantiation. validate_setattr: bool = True - Tags: Optional[PassThrough] + Tags: PassThrough | None def __init__( self, - logical_id: Optional[Any], - relative_id: Optional[str] = None, - depends_on: Optional[List[str]] = None, - attributes: Optional[Dict[str, Any]] = None, + logical_id: Any | None, + relative_id: str | None = None, + depends_on: list[str] | None = None, + attributes: dict[str, Any] | None = None, ) -> None: """Initializes a Resource object with the given logical id. @@ -184,13 +185,13 @@ def __init__( for name, _ in self.property_types.items(): setattr(self, name, None) - self.resource_attributes: Dict[str, Any] = {} + self.resource_attributes: dict[str, Any] = {} if attributes is not None: for attr, value in attributes.items(): self.set_resource_attribute(attr, value) @classmethod - def get_supported_resource_attributes(cls) -> Tuple[str, ...]: + def get_supported_resource_attributes(cls) -> tuple[str, ...]: """ A getter method for the supported resource attributes returns: a tuple that contains the name of all supported resource attributes @@ -198,7 +199,7 @@ def get_supported_resource_attributes(cls) -> Tuple[str, ...]: return tuple(cls._supported_resource_attributes) @classmethod - def get_pass_through_attributes(cls) -> Tuple[str, ...]: + def get_pass_through_attributes(cls) -> tuple[str, ...]: """ A getter method for the resource attributes to be passed to auto-generated resources returns: a tuple that contains the name of all pass through attributes @@ -206,7 +207,7 @@ def get_pass_through_attributes(cls) -> Tuple[str, ...]: return tuple(cls._pass_through_attributes) @classmethod - def from_dict(cls, logical_id: str, resource_dict: Dict[str, Any], relative_id: Optional[str] = None, sam_plugins=None) -> "Resource": # type: ignore[no-untyped-def] + def from_dict(cls, logical_id: str, resource_dict: dict[str, Any], relative_id: str | None = None, sam_plugins=None) -> "Resource": # type: ignore[no-untyped-def] """Constructs a Resource object with the given logical id, based on the given resource dict. The resource dict is the value associated with the logical id in a CloudFormation template's Resources section, and takes the following format. :: @@ -257,7 +258,7 @@ def from_dict(cls, logical_id: str, resource_dict: Dict[str, Any], relative_id: return resource @staticmethod - def _validate_logical_id(logical_id: Optional[Any]) -> str: + def _validate_logical_id(logical_id: Any | None) -> str: """Validates that the provided logical id is an alphanumeric string. :param str logical_id: the logical id to validate @@ -274,7 +275,7 @@ def _validate_logical_id(logical_id: Optional[Any]) -> str: raise InvalidResourceException(str(logical_id), "Logical ids must be alphanumeric.") @classmethod - def _validate_resource_dict(cls, logical_id: str, resource_dict: Dict[str, Any]) -> None: + def _validate_resource_dict(cls, logical_id: str, resource_dict: dict[str, Any]) -> None: """Validates that the provided resource dict contains the correct Type string, and the required Properties dict. :param dict resource_dict: the resource dict to validate @@ -294,7 +295,7 @@ def _validate_resource_dict(cls, logical_id: str, resource_dict: Dict[str, Any]) if "Properties" in resource_dict and not isinstance(resource_dict["Properties"], dict): raise InvalidResourceException(logical_id, "Properties of a resource must be an object.") - def to_dict(self) -> Dict[str, Dict[str, Any]]: + def to_dict(self) -> dict[str, dict[str, Any]]: """Validates that the required properties for this Resource have been provided, then returns a dict corresponding to the given Resource object. This dict will take the format of a single entry in the Resources section of a CloudFormation template, and will take the following format. :: @@ -321,14 +322,14 @@ def to_dict(self) -> Dict[str, Dict[str, Any]]: return {self.logical_id: resource_dict} - def _generate_resource_dict(self) -> Dict[str, Any]: + def _generate_resource_dict(self) -> dict[str, Any]: """Generates the resource dict for this Resource, the value associated with the logical id in a CloudFormation template's Resources section. :returns: the resource dict for this Resource :rtype: dict """ - resource_dict: Dict[str, Any] = {"Type": self.resource_type} + resource_dict: dict[str, Any] = {"Type": self.resource_type} if self.depends_on: resource_dict["DependsOn"] = self.depends_on @@ -362,7 +363,7 @@ def __setattr__(self, name, value): # type: ignore[no-untyped-def] ) # Note: For compabitliy issue, we should ONLY use this with new abstraction/resources. - def validate_properties_and_return_model(self, cls: Type[RT], collect_all_errors: bool = False) -> RT: + def validate_properties_and_return_model(self, cls: type[RT], collect_all_errors: bool = False) -> RT: """ Given a resource properties, return a typed object from the definitions of SAM schema model @@ -382,7 +383,7 @@ def validate_properties_and_return_model(self, cls: Type[RT], collect_all_errors error_properties = ".".join(str(x) for x in e.errors()[0]["loc"]) raise InvalidResourceException(self.logical_id, f"Property '{error_properties}' is invalid.") from e - def _format_all_errors(self, errors: List[Dict[str, Any]]) -> List[str]: + def _format_all_errors(self, errors: list[dict[str, Any]]) -> list[str]: """Format all validation errors, consolidating union type errors in single pass.""" type_mapping = { "not a valid dict": "dictionary", @@ -393,7 +394,7 @@ def _format_all_errors(self, errors: List[Dict[str, Any]]) -> List[str]: } # Group errors by path in a single pass - path_to_errors: Dict[str, Dict[str, Any]] = {} + path_to_errors: dict[str, dict[str, Any]] = {} for error in errors: property_path = ".".join(str(x) for x in error["loc"]) @@ -427,7 +428,7 @@ def _format_all_errors(self, errors: List[Dict[str, Any]]) -> List[str]: return result - def _format_single_error(self, error: Dict[str, Any]) -> str: + def _format_single_error(self, error: dict[str, Any]) -> str: """Format a single Pydantic error into user-friendly message.""" property_path = ".".join(str(x) for x in error["loc"]) raw_message = error["msg"] @@ -511,7 +512,7 @@ def get_runtime_attr(self, attr_name: str) -> Any: return self.runtime_attrs[attr_name](self) - def get_passthrough_resource_attributes(self) -> Dict[str, Any]: + def get_passthrough_resource_attributes(self) -> dict[str, Any]: """ Returns a dictionary of resource attributes of the ResourceMacro that should be passed through from the main vanilla CloudFormation resource to its children. Currently only Condition is copied. @@ -524,7 +525,7 @@ def get_passthrough_resource_attributes(self) -> Dict[str, Any]: attributes[resource_attribute] = self.resource_attributes.get(resource_attribute) return attributes - def assign_tags(self, tags: Dict[str, Any]) -> None: + def assign_tags(self, tags: dict[str, Any]) -> None: """ Assigns tags to the resource. This function assumes that generated resources always have the tags property called `Tags` that takes a list of key-value objects. @@ -558,7 +559,7 @@ def resources_to_link(self, resources): # type: ignore[no-untyped-def] return {} @abstractmethod - def to_cloudformation(self, **kwargs: Any) -> List[Any]: + def to_cloudformation(self, **kwargs: Any) -> list[Any]: """Returns a list of Resource instances, representing vanilla CloudFormation resources, to which this macro expands. The caller should be able to update their template with the expanded resources by calling :func:`to_dict` on each resource returned, then updating their "Resources" mapping with the results. @@ -575,7 +576,7 @@ class ValidationRule(Enum): # Simple tuple-based rules: (rule_type, [property_names]) -PropertyRule = Tuple[ValidationRule, List[str]] +PropertyRule = tuple[ValidationRule, list[str]] class SamResourceMacro(ResourceMacro, metaclass=ABCMeta): @@ -592,7 +593,7 @@ class SamResourceMacro(ResourceMacro, metaclass=ABCMeta): # resources, there is a separate process that associates this property with LogicalId of the generated CFN resource # of the given type. - referable_properties: Dict[str, str] = {} + referable_properties: dict[str, str] = {} # Each resource can optionally override this tag: _SAM_KEY = "lambda:createdBy" @@ -611,7 +612,7 @@ def get_resource_references(self, generated_cfn_resources, supported_resource_re by to_cloudformation() on this SAM resource. Each SAM resource must provide a map of properties that it supports and the type of CFN resource this property resolves to. - :param list of Resource object generated_cfn_resources: List of CloudFormation resources generated by this + :param list of Resource object generated_cfn_resources: list of CloudFormation resources generated by this SAM resource :param samtranslator.intrinsics.resource_refs.SupportedResourceReferences supported_resource_refs: Object holding the mapping between property names and LogicalId of the generated CFN resource it maps to @@ -631,14 +632,14 @@ def get_resource_references(self, generated_cfn_resources, supported_resource_re return supported_resource_refs def _construct_tag_list( - self, tags: Optional[Dict[str, Any]], additional_tags: Optional[Dict[str, Any]] = None - ) -> List[Dict[str, Any]]: - tags_dict: Dict[str, Any] = tags or {} + self, tags: dict[str, Any] | None, additional_tags: dict[str, Any] | None = None + ) -> list[dict[str, Any]]: + tags_dict: dict[str, Any] = tags or {} if additional_tags is None: additional_tags = {} - # At this point tags is guaranteed to be a Dict[str, Any] since we set it to {} if it was falsy + # At this point tags is guaranteed to be a dict[str, Any] since we set it to {} if it was falsy for tag in self._RESERVED_TAGS: self._check_tag(tag, tags_dict) @@ -652,7 +653,7 @@ def _construct_tag_list( @staticmethod def propagate_tags_combine( - resources: List[Resource], tags: Optional[Dict[str, Any]], propagate_tags: Optional[bool] = False + resources: list[Resource], tags: dict[str, Any] | None, propagate_tags: bool | None = False ) -> None: """ Propagates tags to the resources @@ -664,7 +665,7 @@ def propagate_tags_combine( - Use this method for new resource if you want to assign combined tags, not replace. :param propagate_tags: Whether we should pass the tags to generated resources. - :param resources: List of generated resources + :param resources: list of generated resources :param tags: dictionary of tags to propagate to the resources. :return: None @@ -686,13 +687,13 @@ def propagate_tags_combine( @staticmethod def propagate_tags( - resources: List[Resource], tags: Optional[Dict[str, Any]], propagate_tags: Optional[bool] = False + resources: list[Resource], tags: dict[str, Any] | None, propagate_tags: bool | None = False ) -> None: """ Propagates tags to the resources. :param propagate_tags: Whether we should pass the tags to generated resources. - :param resources: List of generated resources + :param resources: list of generated resources :param tags: dictionary of tags to propagate to the resources. :return: None @@ -703,7 +704,7 @@ def propagate_tags( for resource in resources: resource.assign_tags(tags) - def _check_tag(self, reserved_tag_name: str, tags: Dict[str, Any]) -> None: + def _check_tag(self, reserved_tag_name: str, tags: dict[str, Any]) -> None: if reserved_tag_name in tags: raise InvalidResourceException( self.logical_id, @@ -713,7 +714,7 @@ def _check_tag(self, reserved_tag_name: str, tags: Dict[str, Any]) -> None: "input.", ) - def validate_before_transform(self, schema_class: Optional[Type[RT]], collect_all_errors: bool = False) -> None: + def validate_before_transform(self, schema_class: type[RT] | None, collect_all_errors: bool = False) -> None: if not hasattr(self, "__validation_rules__"): return @@ -751,7 +752,7 @@ def validate_before_transform(self, schema_class: Optional[Type[RT]], collect_al if error_messages: raise InvalidResourceException(self.logical_id, "\n".join(error_messages)) - def _combine_string(self, words: List[str]) -> str: + def _combine_string(self, words: list[str]) -> str: return ", ".join(words[:-1]) + (" and " + words[-1] if len(words) > 1 else words[0] if words else "") def _get_property_value(self, prop: str, validated_model: Any = None) -> Any: @@ -799,13 +800,13 @@ def __init__(self, *modules: Any) -> None: ): self.resource_types[resource_class.resource_type] = resource_class - def can_resolve(self, resource_dict: Dict[str, Any]) -> bool: + def can_resolve(self, resource_dict: dict[str, Any]) -> bool: if not isinstance(resource_dict, dict) or not isinstance(resource_dict.get("Type"), str): return False return resource_dict["Type"] in self.resource_types - def resolve_resource_type(self, resource_dict: Dict[str, Any]) -> Any: + def resolve_resource_type(self, resource_dict: dict[str, Any]) -> Any: """Returns the Resource class corresponding to the 'Type' key in the given resource dict. :param dict resource_dict: the resource dict to resolve @@ -824,7 +825,7 @@ def resolve_resource_type(self, resource_dict: Dict[str, Any]) -> Any: class ResourceResolver: - def __init__(self, resources: Dict[str, Dict[str, Any]]) -> None: + def __init__(self, resources: dict[str, dict[str, Any]]) -> None: """ Instantiate the resolver :param dict resources: Map of resource @@ -834,11 +835,11 @@ def __init__(self, resources: Dict[str, Dict[str, Any]]) -> None: raise TypeError("'Resources' is either null or not a valid dictionary.") self.resources = resources - def get_all_resources(self) -> Dict[str, Any]: + def get_all_resources(self) -> dict[str, Any]: """Return a dictionary of all resources from the SAM template.""" return self.resources - def get_resource_by_logical_id(self, _input: str) -> Optional[Dict[str, Any]]: + def get_resource_by_logical_id(self, _input: str) -> dict[str, Any] | None: """ Recursively find resource with matching Logical ID that are present in the template and returns the value. If it is not in template, this method simply returns the input unchanged. @@ -852,7 +853,7 @@ def get_resource_by_logical_id(self, _input: str) -> Optional[Dict[str, Any]]: return self.resources.get(_input, None) -__all__: List[str] = [ +__all__: list[str] = [ "IS_DICT", "IS_STR", "MutatedPassThroughProperty", diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py index 10af5ed825..83dee7a1d6 100644 --- a/samtranslator/model/api/api_generator.py +++ b/samtranslator/model/api/api_generator.py @@ -1,7 +1,7 @@ import logging from collections import namedtuple from dataclasses import dataclass -from typing import Any, Dict, List, Optional, Set, Tuple, Union, cast +from typing import Any, Union, cast from samtranslator.feature_toggle.feature_toggle import FeatureToggle from samtranslator.metrics.method_decorator import cw_timer @@ -77,15 +77,15 @@ @dataclass class ApiDomainResponse: - domain: Optional[ApiGatewayDomainName] - apigw_basepath_mapping_list: Optional[List[ApiGatewayBasePathMapping]] + domain: ApiGatewayDomainName | None + apigw_basepath_mapping_list: list[ApiGatewayBasePathMapping] | None recordset_group: Any @dataclass class ApiDomainResponseV2: - domain: Optional[ApiGatewayDomainNameV2] - apigw_basepath_mapping_list: Optional[List[ApiGatewayBasePathMappingV2]] + domain: ApiGatewayDomainNameV2 | None + apigw_basepath_mapping_list: list[ApiGatewayBasePathMappingV2] | None recordset_group: Any domain_access_association: Any @@ -100,15 +100,15 @@ class SharedApiUsagePlan: def __init__(self) -> None: self.usage_plan_shared = False - self.stage_keys_shared: List[str] = [] - self.api_stages_shared: List[str] = [] - self.depends_on_shared: List[str] = [] + self.stage_keys_shared: list[str] = [] + self.api_stages_shared: list[str] = [] + self.depends_on_shared: list[str] = [] # shared resource level attributes - self.conditions: Set[str] = set() + self.conditions: set[str] = set() self.any_api_without_condition = False - self.deletion_policy: Optional[str] = None - self.update_replace_policy: Optional[str] = None + self.deletion_policy: str | None = None + self.update_replace_policy: str | None = None def get_combined_resource_attributes(self, resource_attributes, conditions): # type: ignore[no-untyped-def] """ @@ -117,9 +117,9 @@ def get_combined_resource_attributes(self, resource_attributes, conditions): # Parameters ---------- - resource_attributes: Dict[str] + resource_attributes: dict[str] A dictionary of resource level attributes of the API resource - conditions: Dict[str] + conditions: dict[str] Conditions section of the template """ self._set_deletion_policy(resource_attributes.get("DeletionPolicy")) # type: ignore[no-untyped-call] @@ -186,42 +186,43 @@ class ApiGenerator: def __init__( # noqa: PLR0913 self, logical_id: str, - cache_cluster_enabled: Optional[Intrinsicable[bool]], - cache_cluster_size: Optional[Intrinsicable[str]], - variables: Optional[Dict[str, Any]], - depends_on: Optional[List[str]], - definition_body: Optional[Dict[str, Any]], - definition_uri: Optional[Intrinsicable[str]], - name: Optional[Intrinsicable[str]], - stage_name: Optional[Intrinsicable[str]], + cache_cluster_enabled: Intrinsicable[bool] | None, + cache_cluster_size: Intrinsicable[str] | None, + variables: dict[str, Any] | None, + depends_on: list[str] | None, + definition_body: dict[str, Any] | None, + definition_uri: Intrinsicable[str] | None, + name: Intrinsicable[str] | None, + stage_name: Intrinsicable[str] | None, shared_api_usage_plan: Any, template_conditions: Any, - merge_definitions: Optional[bool] = None, - tags: Optional[Dict[str, Any]] = None, - endpoint_configuration: Optional[Dict[str, Any]] = None, - method_settings: Optional[List[Any]] = None, - binary_media: Optional[List[Any]] = None, - minimum_compression_size: Optional[Intrinsicable[int]] = None, - disable_execute_api_endpoint: Optional[Intrinsicable[bool]] = None, - cors: Optional[Intrinsicable[str]] = None, - auth: Optional[Dict[str, Any]] = None, - gateway_responses: Optional[Dict[str, Any]] = None, - access_log_setting: Optional[Dict[str, Any]] = None, - canary_setting: Optional[Dict[str, Any]] = None, - tracing_enabled: Optional[Intrinsicable[bool]] = None, - resource_attributes: Optional[Dict[str, Any]] = None, - passthrough_resource_attributes: Optional[Dict[str, Any]] = None, - open_api_version: Optional[Intrinsicable[str]] = None, - models: Optional[Dict[str, Any]] = None, - domain: Optional[Dict[str, Any]] = None, - fail_on_warnings: Optional[Intrinsicable[bool]] = None, - description: Optional[Intrinsicable[str]] = None, - mode: Optional[Intrinsicable[str]] = None, - api_key_source_type: Optional[Intrinsicable[str]] = None, - always_deploy: Optional[bool] = False, - feature_toggle: Optional[FeatureToggle] = None, - policy: Optional[Union[Dict[str, Any], Intrinsicable[str]]] = None, - security_policy: Optional[Intrinsicable[str]] = None, + merge_definitions: bool | None = None, + tags: dict[str, Any] | None = None, + endpoint_configuration: dict[str, Any] | None = None, + method_settings: list[Any] | None = None, + binary_media: list[Any] | None = None, + minimum_compression_size: Intrinsicable[int] | None = None, + disable_execute_api_endpoint: Intrinsicable[bool] | None = None, + cors: Intrinsicable[str] | None = None, + auth: dict[str, Any] | None = None, + gateway_responses: dict[str, Any] | None = None, + access_log_setting: dict[str, Any] | None = None, + canary_setting: dict[str, Any] | None = None, + tracing_enabled: Intrinsicable[bool] | None = None, + resource_attributes: dict[str, Any] | None = None, + passthrough_resource_attributes: dict[str, Any] | None = None, + open_api_version: Intrinsicable[str] | None = None, + models: dict[str, Any] | None = None, + domain: dict[str, Any] | None = None, + fail_on_warnings: Intrinsicable[bool] | None = None, + description: Intrinsicable[str] | None = None, + mode: Intrinsicable[str] | None = None, + api_key_source_type: Intrinsicable[str] | None = None, + always_deploy: bool | None = False, + feature_toggle: FeatureToggle | None = None, + policy: Union[dict[str, Any], Intrinsicable[str]] | None = None, + security_policy: Intrinsicable[str] | None = None, + endpoint_access_mode: Intrinsicable[str] | None = None, ): """Constructs an API Generator class that generates API Gateway resources @@ -281,8 +282,9 @@ def __init__( # noqa: PLR0913 self.feature_toggle = feature_toggle self.policy = policy self.security_policy = security_policy + self.endpoint_access_mode = endpoint_access_mode - def _construct_rest_api(self) -> ApiGatewayRestApi: + def _construct_rest_api(self) -> ApiGatewayRestApi: # noqa: PLR0912 """Constructs and returns the ApiGateway RestApi. :returns: the RestApi to which this SAM Api corresponds @@ -340,6 +342,9 @@ def _construct_rest_api(self) -> ApiGatewayRestApi: if self.security_policy: rest_api.SecurityPolicy = self.security_policy + if self.endpoint_access_mode: + rest_api.EndpointAccessMode = self.endpoint_access_mode + return rest_api def _validate_properties(self) -> None: @@ -374,7 +379,7 @@ def _add_endpoint_extension(self) -> None: editor.add_disable_execute_api_endpoint_extension(self.disable_execute_api_endpoint) self.definition_body = editor.swagger - def _construct_body_s3_dict(self) -> Dict[str, Any]: + def _construct_body_s3_dict(self) -> dict[str, Any]: """Constructs the RestApi's `BodyS3Location property`_, from the SAM Api's DefinitionUri property. :returns: a BodyS3Location dict, containing the S3 Bucket, Key, and Version of the Swagger definition @@ -432,7 +437,7 @@ def _construct_deployment(self, rest_api: ApiGatewayRestApi) -> ApiGatewayDeploy return deployment def _construct_stage( - self, deployment: ApiGatewayDeployment, swagger: Optional[Dict[str, Any]], redeploy_restapi_parameters: Any + self, deployment: ApiGatewayDeployment, swagger: dict[str, Any] | None, redeploy_restapi_parameters: Any ) -> ApiGatewayStage: """Constructs and returns the ApiGateway Stage. @@ -545,20 +550,20 @@ def _construct_api_domain( # noqa: PLR0912, PLR0915 (too many branches/statemen self._set_optional_domain_properties(domain) - basepaths: Optional[List[str]] + basepaths: list[str] | None basepath_value = self.domain.get("BasePath") # Create BasepathMappings if self.domain.get("BasePath") and isinstance(basepath_value, str): basepaths = [basepath_value] elif self.domain.get("BasePath") and isinstance(basepath_value, list): - basepaths = cast(Optional[List[Any]], basepath_value) + basepaths = cast(list[Any] | None, basepath_value) else: basepaths = None # Boolean to allow/disallow symbols in BasePath property normalize_basepath = self.domain.get("NormalizeBasePath", True) - basepath_resource_list: List[ApiGatewayBasePathMapping] = [] + basepath_resource_list: list[ApiGatewayBasePathMapping] = [] if basepaths is None: basepath_mapping = self._create_basepath_mapping(api_domain_name, rest_api, None, None) @@ -654,12 +659,12 @@ def _construct_api_domain_v2( # noqa: PLR0915 self._set_optional_domain_properties(domain) - basepaths: Optional[List[str]] = self._get_basepaths() + basepaths: list[str] | None = self._get_basepaths() # Boolean to allow/disallow symbols in BasePath property normalize_basepath = self.domain.get("NormalizeBasePath", True) - basepath_resource_list: List[ApiGatewayBasePathMappingV2] = [] + basepath_resource_list: list[ApiGatewayBasePathMappingV2] = [] if basepaths is None: basepath_mapping = self._create_basepath_mapping_v2(domain_name_arn, rest_api) basepath_resource_list.extend([basepath_mapping]) @@ -724,14 +729,14 @@ def _construct_api_domain_v2( # noqa: PLR0915 return ApiDomainResponseV2(domain, basepath_resource_list, record_set_group, domain_access_association_resource) - def _get_basepaths(self) -> Optional[List[str]]: + def _get_basepaths(self) -> list[str] | None: if self.domain is None: return None basepath_value = self.domain.get("BasePath") if self.domain.get("BasePath") and isinstance(basepath_value, str): return [basepath_value] if self.domain.get("BasePath") and isinstance(basepath_value, list): - return cast(Optional[List[Any]], basepath_value) + return cast(list[Any] | None, basepath_value) return None def _set_optional_domain_properties(self, domain: Union[ApiGatewayDomainName, ApiGatewayDomainNameV2]) -> None: @@ -739,12 +744,14 @@ def _set_optional_domain_properties(self, domain: Union[ApiGatewayDomainName, Ap return if self.domain.get("SecurityPolicy", None): domain.SecurityPolicy = self.domain["SecurityPolicy"] + if self.domain.get("EndpointAccessMode", None): + domain.EndpointAccessMode = self.domain["EndpointAccessMode"] if self.domain.get("Policy", None): domain.Policy = self.domain["Policy"] if self.domain.get("OwnershipVerificationCertificateArn", None): domain.OwnershipVerificationCertificateArn = self.domain["OwnershipVerificationCertificateArn"] - def _get_record_set_group(self, logical_id: str, route53: Dict[str, Any]) -> Route53RecordSetGroup: + def _get_record_set_group(self, logical_id: str, route53: dict[str, Any]) -> Route53RecordSetGroup: record_set_group = Route53RecordSetGroup(logical_id, attributes=self.passthrough_resource_attributes) if "HostedZoneId" in route53: record_set_group.HostedZoneId = route53.get("HostedZoneId") @@ -754,7 +761,7 @@ def _get_record_set_group(self, logical_id: str, route53: Dict[str, Any]) -> Rou return record_set_group def _construct_single_record_set_group( - self, domain: Dict[str, Any], api_domain_name: str, route53: Any + self, domain: dict[str, Any], api_domain_name: str, route53: Any ) -> Route53RecordSetGroup: hostedZoneId = route53.get("HostedZoneId") hostedZoneName = route53.get("HostedZoneName") @@ -773,8 +780,8 @@ def _construct_single_record_set_group( return record_set_group def _construct_record_sets_for_domain( - self, custom_domain_config: Dict[str, Any], api_domain_name: str, route53_config: Dict[str, Any] - ) -> List[Dict[str, Any]]: + self, custom_domain_config: dict[str, Any], api_domain_name: str, route53_config: dict[str, Any] + ) -> list[dict[str, Any]]: recordset_list = [] alias_target = self._construct_alias_target(custom_domain_config, api_domain_name, route53_config) recordset = {} @@ -795,13 +802,13 @@ def _construct_record_sets_for_domain( return recordset_list @staticmethod - def _update_route53_routing_policy_properties(route53_config: Dict[str, Any], recordset: Dict[str, Any]) -> None: + def _update_route53_routing_policy_properties(route53_config: dict[str, Any], recordset: dict[str, Any]) -> None: if route53_config.get("Region") is not None: recordset["Region"] = route53_config.get("Region") if route53_config.get("SetIdentifier") is not None: recordset["SetIdentifier"] = route53_config.get("SetIdentifier") - def _construct_alias_target(self, domain: Dict[str, Any], api_domain_name: str, route53: Any) -> Dict[str, Any]: + def _construct_alias_target(self, domain: dict[str, Any], api_domain_name: str, route53: Any) -> dict[str, Any]: alias_target = {} target_health = route53.get("EvaluateTargetHealth") @@ -824,8 +831,8 @@ def _create_basepath_mapping( self, api_domain_name: PassThrough, rest_api: ApiGatewayRestApi, - logical_id: Optional[str], - basepath: Optional[str], + logical_id: str | None, + basepath: str | None, ) -> ApiGatewayBasePathMapping: basepath_mapping: ApiGatewayBasePathMapping @@ -856,8 +863,8 @@ def _create_basepath_mapping_v2( @cw_timer(prefix="Generator", name="Api") def to_cloudformation( - self, redeploy_restapi_parameters: Optional[Any], route53_record_set_groups: Dict[str, Route53RecordSetGroup] - ) -> List[Resource]: + self, redeploy_restapi_parameters: Any | None, route53_record_set_groups: dict[str, Route53RecordSetGroup] + ) -> list[Resource]: """Generates CloudFormation resources from a SAM API resource :returns: a tuple containing the RestApi, Deployment, and Stage for an empty Api. @@ -865,7 +872,7 @@ def to_cloudformation( """ api_domain_response: Union[ApiDomainResponseV2, ApiDomainResponse] domain: Union[Resource, None] - basepath_mapping: Union[List[ApiGatewayBasePathMapping], List[ApiGatewayBasePathMappingV2], None] + basepath_mapping: Union[list[ApiGatewayBasePathMapping], list[ApiGatewayBasePathMappingV2], None] rest_api = self._construct_rest_api() is_private_domain = isinstance(self.domain, dict) and self.domain.get("EndpointConfiguration") == "PRIVATE" api_domain_response = ( @@ -895,16 +902,16 @@ def to_cloudformation( permissions = self._construct_authorizer_lambda_permission() usage_plan = self._construct_usage_plan(rest_api_stage=stage) - # mypy complains if the type in List doesn't match exactly + # mypy complains if the type in list doesn't match exactly # TODO: refactor to have a list of single resource - generated_resources: List[ + generated_resources: list[ Union[ - Optional[Resource], - List[Resource], - Tuple[Resource], - List[LambdaPermission], - List[ApiGatewayBasePathMapping], - List[ApiGatewayBasePathMappingV2], + Resource | None, + list[Resource], + tuple[Resource], + list[LambdaPermission], + list[ApiGatewayBasePathMapping], + list[ApiGatewayBasePathMappingV2], ], ] = [] @@ -925,7 +932,7 @@ def to_cloudformation( generated_resources.append(domain_access_association) # Make a list of single resources - generated_resources_list: List[Resource] = [] + generated_resources_list: list[Resource] = [] for resource in generated_resources: if resource: if isinstance(resource, (list, tuple)): @@ -982,7 +989,7 @@ def _add_cors(self) -> None: editor = SwaggerEditor(self.definition_body) # Track normalized paths to avoid duplicate OPTIONS methods for paths that differ only by trailing slash # API Gateway treats /path and /path/ as the same resource, so we normalize before adding CORS - normalized_paths_processed: Set[str] = set() + normalized_paths_processed: set[str] = set() for path in editor.iter_on_path(): # Normalize path by removing trailing slash (except for root path "/") @@ -1078,7 +1085,7 @@ def _add_auth(self) -> None: self.definition_body = self._openapi_postprocess(swagger_editor.swagger) - def _construct_usage_plan(self, rest_api_stage: Optional[ApiGatewayStage] = None) -> Any: # noqa: PLR0912 + def _construct_usage_plan(self, rest_api_stage: ApiGatewayStage | None = None) -> Any: # noqa: PLR0912 """Constructs and returns the ApiGateway UsagePlan, ApiGateway UsagePlanKey, ApiGateway ApiKey for Auth. :param model.apigateway.ApiGatewayStage stage: the stage of rest api @@ -1101,7 +1108,7 @@ def _construct_usage_plan(self, rest_api_stage: Optional[ApiGatewayStage] = None raise InvalidResourceException(self.logical_id, "Invalid property for 'UsagePlan'") create_usage_plan = usage_plan_properties.get("CreateUsagePlan") - usage_plan: Optional[ApiGatewayUsagePlan] = None + usage_plan: ApiGatewayUsagePlan | None = None api_key = None usage_plan_key = None @@ -1339,7 +1346,7 @@ def _add_models(self) -> None: self.definition_body = self._openapi_postprocess(swagger_editor.swagger) - def _openapi_postprocess(self, definition_body: Dict[str, Any]) -> Dict[str, Any]: # noqa: PLR0912 + def _openapi_postprocess(self, definition_body: dict[str, Any]) -> dict[str, Any]: # noqa: PLR0912 """ Convert definitions to openapi 3 in definition body if OpenApiVersion flag is specified. @@ -1485,7 +1492,7 @@ def _get_permission(self, authorizer_name, authorizer_lambda_function_arn): # t return lambda_permission - def _construct_authorizer_lambda_permission(self) -> List[LambdaPermission]: + def _construct_authorizer_lambda_permission(self) -> list[LambdaPermission]: if not self.auth: return [] @@ -1510,7 +1517,7 @@ def _construct_authorizer_lambda_permission(self) -> List[LambdaPermission]: def _set_default_authorizer( self, swagger_editor: SwaggerEditor, - authorizers: Dict[str, ApiGatewayAuthorizer], + authorizers: dict[str, ApiGatewayAuthorizer], default_authorizer: str, add_default_auth_to_preflight: bool = True, ) -> None: @@ -1543,7 +1550,7 @@ def _set_default_apikey_required(self, swagger_editor: SwaggerEditor, required_o for path in swagger_editor.iter_on_path(): swagger_editor.set_path_default_apikey_required(path, required_options_api_key) - def _set_endpoint_configuration(self, rest_api: ApiGatewayRestApi, value: Union[str, Dict[str, Any]]) -> None: + def _set_endpoint_configuration(self, rest_api: ApiGatewayRestApi, value: Union[str, dict[str, Any]]) -> None: """ Sets endpoint configuration property of AWS::ApiGateway::RestApi resource :param rest_api: RestApi resource @@ -1575,8 +1582,8 @@ def _set_endpoint_configuration(self, rest_api: ApiGatewayRestApi, value: Union[ def _generate_domain_access_association( self, - domain_access_association: Dict[str, Any], - domain_name_arn: Dict[str, str], + domain_access_association: dict[str, Any], + domain_name_arn: dict[str, str], domain_logical_id: str, ) -> ApiGatewayDomainNameAccessAssociation: """ diff --git a/samtranslator/model/api/apiv2_generator.py b/samtranslator/model/api/apiv2_generator.py index 959c2f5ab5..9c6c18627c 100644 --- a/samtranslator/model/api/apiv2_generator.py +++ b/samtranslator/model/api/apiv2_generator.py @@ -1,5 +1,5 @@ import re -from typing import Any, Dict, List, Optional, Tuple, cast +from typing import Any, cast from samtranslator.model.apigatewayv2 import ApiGatewayV2Api, ApiGatewayV2ApiMapping, ApiGatewayV2DomainName from samtranslator.model.exceptions import InvalidResourceException @@ -16,18 +16,18 @@ class ApiV2Generator: def __init__( # noqa: PLR0913 self, logical_id: str, - stage_variables: Optional[Dict[str, Intrinsicable[str]]], - depends_on: Optional[List[str]], - access_log_settings: Optional[Dict[str, Intrinsicable[str]]] = None, - default_route_settings: Optional[Dict[str, Any]] = None, - description: Optional[Intrinsicable[str]] = None, - disable_execute_api_endpoint: Optional[Intrinsicable[bool]] = None, - domain: Optional[Dict[str, Any]] = None, + stage_variables: dict[str, Intrinsicable[str]] | None, + depends_on: list[str] | None, + access_log_settings: dict[str, Intrinsicable[str]] | None = None, + default_route_settings: dict[str, Any] | None = None, + description: Intrinsicable[str] | None = None, + disable_execute_api_endpoint: Intrinsicable[bool] | None = None, + domain: dict[str, Any] | None = None, # ip address type? - passthrough_resource_attributes: Optional[Dict[str, Intrinsicable[str]]] = None, - resource_attributes: Optional[Dict[str, Intrinsicable[str]]] = None, - route_settings: Optional[Dict[str, Any]] = None, - tags: Optional[Dict[str, Intrinsicable[str]]] = None, + passthrough_resource_attributes: dict[str, Intrinsicable[str]] | None = None, + resource_attributes: dict[str, Intrinsicable[str]] | None = None, + route_settings: dict[str, Any] | None = None, + tags: dict[str, Intrinsicable[str]] | None = None, ) -> None: """Constructs an API Generator class that generates API Gateway resources @@ -55,11 +55,11 @@ def __init__( # noqa: PLR0913 self.default_tag_name = "" def _construct_api_domain( # noqa: PLR0912, PLR0915 - self, api: ApiGatewayV2Api, route53_record_set_groups: Dict[str, Route53RecordSetGroup] - ) -> Tuple[ - Optional[ApiGatewayV2DomainName], - Optional[List[ApiGatewayV2ApiMapping]], - Optional[Route53RecordSetGroup], + self, api: ApiGatewayV2Api, route53_record_set_groups: dict[str, Route53RecordSetGroup] + ) -> tuple[ + ApiGatewayV2DomainName | None, + list[ApiGatewayV2ApiMapping] | None, + Route53RecordSetGroup | None, ]: """ Constructs and returns the ApiGateway Domain and BasepathMapping @@ -138,12 +138,12 @@ def _construct_api_domain( # noqa: PLR0912, PLR0915 ) # Create BasepathMappings - basepaths: Optional[List[str]] + basepaths: list[str] | None basepath_value = self.domain.get("BasePath") if basepath_value and isinstance(basepath_value, str): basepaths = [basepath_value] elif basepath_value and isinstance(basepath_value, list): - basepaths = cast(Optional[List[str]], basepath_value) + basepaths = cast(list[str] | None, basepath_value) else: basepaths = None basepath_resource_list = self._construct_basepath_mappings(basepaths, api, api_domain_name) @@ -157,10 +157,10 @@ def _construct_api_domain( # noqa: PLR0912, PLR0915 def _construct_route53_recordsetgroup( self, - custom_domain_config: Dict[str, Any], - route53_record_set_groups: Dict[str, Route53RecordSetGroup], + custom_domain_config: dict[str, Any], + route53_record_set_groups: dict[str, Route53RecordSetGroup], api_domain_name: str, - ) -> Optional[Route53RecordSetGroup]: + ) -> Route53RecordSetGroup | None: route53_config = custom_domain_config.get("Route53") if route53_config is None: return None @@ -196,9 +196,9 @@ def _construct_route53_recordsetgroup( return record_set_group def _construct_basepath_mappings( - self, basepaths: Optional[List[str]], api: ApiGatewayV2Api, api_domain_name: str - ) -> List[ApiGatewayV2ApiMapping]: - basepath_resource_list: List[ApiGatewayV2ApiMapping] = [] + self, basepaths: list[str] | None, api: ApiGatewayV2Api, api_domain_name: str + ) -> list[ApiGatewayV2ApiMapping]: + basepath_resource_list: list[ApiGatewayV2ApiMapping] = [] if basepaths is None: basepath_mapping = ApiGatewayV2ApiMapping( @@ -230,8 +230,8 @@ def _construct_basepath_mappings( return basepath_resource_list def _construct_record_sets_for_domain( - self, custom_domain_config: Dict[str, Any], route53_config: Dict[str, Any], api_domain_name: str - ) -> List[Dict[str, Any]]: + self, custom_domain_config: dict[str, Any], route53_config: dict[str, Any], api_domain_name: str + ) -> list[dict[str, Any]]: recordset_list = [] recordset = {} @@ -254,15 +254,15 @@ def _construct_record_sets_for_domain( return recordset_list @staticmethod - def _update_route53_routing_policy_properties(route53_config: Dict[str, Any], recordset: Dict[str, Any]) -> None: + def _update_route53_routing_policy_properties(route53_config: dict[str, Any], recordset: dict[str, Any]) -> None: if route53_config.get("Region") is not None: recordset["Region"] = route53_config.get("Region") if route53_config.get("SetIdentifier") is not None: recordset["SetIdentifier"] = route53_config.get("SetIdentifier") def _construct_alias_target( - self, domain_config: Dict[str, Any], route53_config: Dict[str, Any], api_domain_name: str - ) -> Dict[str, Any]: + self, domain_config: dict[str, Any], route53_config: dict[str, Any], api_domain_name: str + ) -> dict[str, Any]: alias_target = {} target_health = route53_config.get("EvaluateTargetHealth") diff --git a/samtranslator/model/api/http_api_generator.py b/samtranslator/model/api/http_api_generator.py index d8f17a301f..d0c0cdec92 100644 --- a/samtranslator/model/api/http_api_generator.py +++ b/samtranslator/model/api/http_api_generator.py @@ -1,5 +1,5 @@ from collections import namedtuple -from typing import Any, Dict, List, Optional, Tuple, Union +from typing import Any, Union from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model.api.apiv2_generator import ApiV2Generator @@ -37,24 +37,24 @@ class HttpApiGenerator(ApiV2Generator): def __init__( # noqa: PLR0913 self, logical_id: str, - stage_variables: Optional[Dict[str, Intrinsicable[str]]], - depends_on: Optional[List[str]], - definition_body: Optional[Dict[str, Any]], - definition_uri: Optional[Intrinsicable[str]], - name: Optional[Any], - stage_name: Optional[Intrinsicable[str]], - tags: Optional[Dict[str, Intrinsicable[str]]] = None, - auth: Optional[Dict[str, Intrinsicable[str]]] = None, - cors_configuration: Optional[Union[bool, Dict[str, Any]]] = None, - access_log_settings: Optional[Dict[str, Intrinsicable[str]]] = None, - route_settings: Optional[Dict[str, Any]] = None, - default_route_settings: Optional[Dict[str, Any]] = None, - resource_attributes: Optional[Dict[str, Intrinsicable[str]]] = None, - passthrough_resource_attributes: Optional[Dict[str, Intrinsicable[str]]] = None, - domain: Optional[Dict[str, Any]] = None, - fail_on_warnings: Optional[Intrinsicable[bool]] = None, - description: Optional[Intrinsicable[str]] = None, - disable_execute_api_endpoint: Optional[Intrinsicable[bool]] = None, + stage_variables: dict[str, Intrinsicable[str]] | None, + depends_on: list[str] | None, + definition_body: dict[str, Any] | None, + definition_uri: Intrinsicable[str] | None, + name: Any | None, + stage_name: Intrinsicable[str] | None, + tags: dict[str, Intrinsicable[str]] | None = None, + auth: dict[str, Intrinsicable[str]] | None = None, + cors_configuration: Union[bool, dict[str, Any]] | None = None, + access_log_settings: dict[str, Intrinsicable[str]] | None = None, + route_settings: dict[str, Any] | None = None, + default_route_settings: dict[str, Any] | None = None, + resource_attributes: dict[str, Intrinsicable[str]] | None = None, + passthrough_resource_attributes: dict[str, Intrinsicable[str]] | None = None, + domain: dict[str, Any] | None = None, + fail_on_warnings: Intrinsicable[bool] | None = None, + description: Intrinsicable[str] | None = None, + disable_execute_api_endpoint: Intrinsicable[bool] | None = None, ) -> None: """Constructs an API Generator class that generates API Gateway resources @@ -238,7 +238,7 @@ def _update_default_path(self) -> None: # Warnings found during import: Parse issue: attribute paths. # Resource $default should start with / (Service: AmazonApiGatewayV2; Status Code: 400; # Deployment fails when FailOnWarnings is true: https://github.com/aws/serverless-application-model/issues/2297 - paths: Dict[str, Any] = self.definition_body.get("paths", {}) + paths: dict[str, Any] = self.definition_body.get("paths", {}) if DefaultStageName in paths: paths[f"/{DefaultStageName}"] = paths.pop(DefaultStageName) @@ -302,7 +302,7 @@ def _add_tags(self) -> None: open_api_editor.add_tags(self.tags) self.definition_body = open_api_editor.openapi - def _construct_authorizer_lambda_permission(self, http_api: ApiGatewayV2HttpApi) -> List[LambdaPermission]: + def _construct_authorizer_lambda_permission(self, http_api: ApiGatewayV2HttpApi) -> list[LambdaPermission]: if not self.auth: return [] @@ -312,7 +312,7 @@ def _construct_authorizer_lambda_permission(self, http_api: ApiGatewayV2HttpApi) if not authorizers: return [] - permissions: List[LambdaPermission] = [] + permissions: list[LambdaPermission] = [] for authorizer_name, authorizer in authorizers.items(): # Construct permissions for Lambda Authorizers only @@ -336,8 +336,8 @@ def _construct_authorizer_lambda_permission(self, http_api: ApiGatewayV2HttpApi) def _set_default_authorizer( self, open_api_editor: OpenApiEditor, - authorizers: Dict[str, ApiGatewayV2Authorizer], - default_authorizer: Optional[Any], + authorizers: dict[str, ApiGatewayV2Authorizer], + default_authorizer: Any | None, ) -> None: """ Sets the default authorizer if one is given in the template @@ -367,13 +367,13 @@ def _set_default_authorizer( def _get_authorizers( self, authorizers_config: Any, enable_iam_authorizer: bool = False - ) -> Dict[str, ApiGatewayV2Authorizer]: + ) -> dict[str, ApiGatewayV2Authorizer]: """ Returns all authorizers for an API as an ApiGatewayV2Authorizer object :param authorizers_config: authorizer configuration from the API Auth section :param enable_iam_authorizer: if True add an "AWS_IAM" authorizer """ - authorizers: Dict[str, ApiGatewayV2Authorizer] = {} + authorizers: dict[str, ApiGatewayV2Authorizer] = {} if enable_iam_authorizer is True: authorizers["AWS_IAM"] = ApiGatewayV2Authorizer(is_aws_iam_authorizer=True) # type: ignore[no-untyped-call] @@ -407,7 +407,7 @@ def _get_authorizers( ) return authorizers - def _construct_body_s3_dict(self, definition_url: Union[str, Dict[str, Any]]) -> Dict[str, Any]: + def _construct_body_s3_dict(self, definition_url: Union[str, dict[str, Any]]) -> dict[str, Any]: """ Constructs the HttpApi's `BodyS3Location property`, from the SAM Api's DefinitionUri property. :returns: a BodyS3Location dict, containing the S3 Bucket, Key, and Version of the OpenApi definition @@ -437,7 +437,7 @@ def _construct_body_s3_dict(self, definition_url: Union[str, Dict[str, Any]]) -> body_s3["Version"] = s3_pointer["Version"] return body_s3 - def _construct_stage(self) -> Optional[ApiGatewayV2Stage]: + def _construct_stage(self) -> ApiGatewayV2Stage | None: """Constructs and returns the ApiGatewayV2 Stage. :returns: the Stage to which this SAM Api corresponds @@ -533,13 +533,13 @@ def _add_title(self) -> None: self.definition_body = open_api_editor.openapi @cw_timer(prefix="Generator", name="HttpApi") - def to_cloudformation(self, route53_record_set_groups: Dict[str, Route53RecordSetGroup]) -> Tuple[ + def to_cloudformation(self, route53_record_set_groups: dict[str, Route53RecordSetGroup]) -> tuple[ ApiGatewayV2HttpApi, - Optional[ApiGatewayV2Stage], - Optional[ApiGatewayV2DomainName], - Optional[List[ApiGatewayV2ApiMapping]], - Optional[Route53RecordSetGroup], - Optional[List[LambdaPermission]], + ApiGatewayV2Stage | None, + ApiGatewayV2DomainName | None, + list[ApiGatewayV2ApiMapping] | None, + Route53RecordSetGroup | None, + list[LambdaPermission] | None, ]: """Generates CloudFormation resources from a SAM HTTP API resource diff --git a/samtranslator/model/api/websocket_api_generator.py b/samtranslator/model/api/websocket_api_generator.py index be5a2b1a8b..9fe71e0fd2 100644 --- a/samtranslator/model/api/websocket_api_generator.py +++ b/samtranslator/model/api/websocket_api_generator.py @@ -1,4 +1,4 @@ -from typing import Any, Dict, List, Optional, Tuple +from typing import Any from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model import Resource @@ -32,27 +32,27 @@ class WebSocketApiGenerator(ApiV2Generator): def __init__( # noqa: PLR0913 self, logical_id: str, - stage_name: Optional[str], - stage_variables: Optional[ - Dict[str, Intrinsicable[str]] - ], # I tried to keep presence of = None consistent with http - depends_on: Optional[List[str]], - name: Optional[str], - routes: Dict[str, Dict[str, Any]], + stage_name: Intrinsicable[str] | None, + stage_variables: ( + dict[str, Intrinsicable[str]] | None + ), # I tried to keep presence of = None consistent with http + depends_on: list[str] | None, + name: str | None, + routes: dict[str, dict[str, Any]], route_selection_expression: str, - api_key_selection_expression: Optional[Intrinsicable[str]] = None, - access_log_settings: Optional[Dict[str, Intrinsicable[str]]] = None, - auth_config: Optional[Dict[str, Any]] = None, - default_route_settings: Optional[Dict[str, Any]] = None, - description: Optional[Intrinsicable[str]] = None, - disable_execute_api_endpoint: Optional[Intrinsicable[bool]] = None, - domain: Optional[Dict[str, Any]] = None, - disable_schema_validation: Optional[Intrinsicable[bool]] = None, - ip_address_type: Optional[Intrinsicable[str]] = None, - resource_attributes: Optional[Dict[str, Intrinsicable[str]]] = None, - passthrough_resource_attributes: Optional[Dict[str, Intrinsicable[str]]] = None, - route_settings: Optional[Dict[str, Any]] = None, - tags: Optional[Dict[str, Intrinsicable[str]]] = None, + api_key_selection_expression: Intrinsicable[str] | None = None, + access_log_settings: dict[str, Intrinsicable[str]] | None = None, + auth_config: dict[str, Any] | None = None, + default_route_settings: dict[str, Any] | None = None, + description: Intrinsicable[str] | None = None, + disable_execute_api_endpoint: Intrinsicable[bool] | None = None, + domain: dict[str, Any] | None = None, + disable_schema_validation: Intrinsicable[bool] | None = None, + ip_address_type: Intrinsicable[str] | None = None, + resource_attributes: dict[str, Intrinsicable[str]] | None = None, + passthrough_resource_attributes: dict[str, Intrinsicable[str]] | None = None, + route_settings: dict[str, Any] | None = None, + tags: dict[str, Intrinsicable[str]] | None = None, ) -> None: """Constructs an API Generator class that generates API Gateway resources :param logical_id: Logical id of the SAM API Resource @@ -163,7 +163,7 @@ def _construct_authorizer(self) -> ApiGatewayV2WSAuthorizer: auth.Name = auth_name return auth - def _construct_authorizer_permission(self, websocket_api: ApiGatewayV2WebSocketApi) -> Optional[LambdaPermission]: + def _construct_authorizer_permission(self, websocket_api: ApiGatewayV2WebSocketApi) -> LambdaPermission | None: """Constructs Lambda Permission allowing API Gateway to invoke the authorizer function. Only needed when InvokeRole is not provided (resource-based permissions).""" if not self.auth_config or self.auth_config.get("AuthType") != AuthType.CUSTOM: @@ -183,7 +183,7 @@ def _construct_authorizer_permission(self, websocket_api: ApiGatewayV2WebSocketA websocket_api.get_runtime_attr("websocket_api_id"), ) - def _generate_route_resource_ids(self, route_key: str) -> Tuple[str, str, str]: + def _generate_route_resource_ids(self, route_key: str) -> tuple[str, str, str]: """Convert route key to a valid CloudFormation logical ID component.""" ROUTE_SUFFIX = "Route" INTEGRATION_SUFFIX = "Integration" @@ -209,7 +209,7 @@ def _sanitize_route_key(self, route_key: str) -> str: "Only $connect, $disconnect, and $default special routes are supported.", ) - def _validate_auth(self, auth_config: Dict[str, Any]) -> None: + def _validate_auth(self, auth_config: dict[str, Any]) -> None: # Use parameter `auth_config` that we know is not None, instead of `self.auth_config` auth_type = auth_config.get("AuthType") if auth_type: @@ -232,7 +232,7 @@ def _validate_auth(self, auth_config: Dict[str, Any]) -> None: ) def _construct_route( - self, route_key: str, route_id: str, integration_id: str, route_spec: Dict[str, Any] + self, route_key: str, route_id: str, integration_id: str, route_spec: dict[str, Any] ) -> ApiGatewayV2Route: apigw_route = ApiGatewayV2Route(route_id, attributes=self.passthrough_resource_attributes) apigw_route.RouteKey = route_key @@ -253,7 +253,7 @@ def _construct_route( def _set_auth_type_and_return_custom_authorizer( self, route_key: str, route: ApiGatewayV2Route - ) -> Optional[ApiGatewayV2WSAuthorizer]: + ) -> ApiGatewayV2WSAuthorizer | None: if not self.auth_config: return None self._validate_auth(self.auth_config) @@ -271,7 +271,7 @@ def _set_auth_type_and_return_custom_authorizer( route.AuthorizationType = AuthType.NONE return None - def _construct_integration(self, apigw_integration_id: str, route_spec: Dict[str, Any]) -> ApiGatewayV2Integration: + def _construct_integration(self, apigw_integration_id: str, route_spec: dict[str, Any]) -> ApiGatewayV2Integration: if "FunctionArn" not in route_spec: raise InvalidResourceException(self.logical_id, "Route must have associated function.") # set up integration @@ -287,7 +287,7 @@ def _construct_integration(self, apigw_integration_id: str, route_spec: Dict[str apigw_integration.TimeoutInMillis = route_spec.get("IntegrationTimeout") return apigw_integration - def _construct_permission(self, route_key: str, perms_id: str, route_spec: Dict[str, Any]) -> LambdaPermission: + def _construct_permission(self, route_key: str, perms_id: str, route_spec: dict[str, Any]) -> LambdaPermission: if "FunctionArn" not in route_spec: raise InvalidResourceException(self.logical_id, "Route must have associated function.") # set up permissions @@ -295,21 +295,30 @@ def _construct_permission(self, route_key: str, perms_id: str, route_spec: Dict[ perms.Action = "lambda:InvokeFunction" perms.FunctionName = route_spec["FunctionArn"] perms.Principal = "apigateway.amazonaws.com" - perms.SourceArn = fnSub( - "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${" - + self.logical_id - + ".ApiId}/" - + self.stage_name - + "/" - + route_key - ) + if isinstance(self.stage_name, str): + perms.SourceArn = fnSub( + "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${" + + self.logical_id + + ".ApiId}/" + + self.stage_name + + "/" + + route_key + ) + else: + perms.SourceArn = fnSub( + "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${" + + self.logical_id + + ".ApiId}/${__StageName__}/" + + route_key, + {"__StageName__": self.stage_name}, + ) return perms - def _construct_route_infr(self, route_key: str, route_spec: Dict[str, Any]) -> Tuple[ + def _construct_route_infr(self, route_key: str, route_spec: dict[str, Any]) -> tuple[ ApiGatewayV2Route, ApiGatewayV2Integration, LambdaPermission, - Optional[ApiGatewayV2WSAuthorizer], + ApiGatewayV2WSAuthorizer | None, ]: # set up names apigw_route_id, apigw_integration_id, perms_id = self._generate_route_resource_ids(route_key) @@ -321,7 +330,7 @@ def _construct_route_infr(self, route_key: str, route_spec: Dict[str, Any]) -> T return apigw_route, apigw_integration, permissions, apigw_auth # Mostly taken from http - def _construct_stage(self) -> Optional[ApiGatewayV2Stage]: + def _construct_stage(self) -> ApiGatewayV2Stage | None: """Constructs and returns the ApiGatewayV2 Stage. :returns: the Stage to which this SAM Api corresponds @@ -354,7 +363,7 @@ def _construct_stage(self) -> Optional[ApiGatewayV2Stage]: return stage @cw_timer(prefix="Generator", name="WebSocketApi") - def _to_cloudformation(self, route53_record_set_groups: Dict[str, Route53RecordSetGroup]) -> List[Resource]: + def _to_cloudformation(self, route53_record_set_groups: dict[str, Route53RecordSetGroup]) -> list[Resource]: """Generates CloudFormation resources from a SAM WebSocket API resource :returns: a tuple containing the WebSocketApi and Stage for an empty Api. @@ -363,10 +372,10 @@ def _to_cloudformation(self, route53_record_set_groups: Dict[str, Route53RecordS domain, basepath_mapping, route53 = self._construct_api_domain(websocket_api, route53_record_set_groups) stage = self._construct_stage() - generated_resources_list: List[Resource] = [websocket_api] + generated_resources_list: list[Resource] = [websocket_api] auth = None - route_logical_ids: List[str] = [] + route_logical_ids: list[str] = [] for key, value in self.routes.items(): apigw_route, apigw_integration, permission, apigw_auth = self._construct_route_infr(key, value) # We keep all related route-integration-permission combos together diff --git a/samtranslator/model/apigateway.py b/samtranslator/model/apigateway.py index 73966d6452..5d9d447039 100644 --- a/samtranslator/model/apigateway.py +++ b/samtranslator/model/apigateway.py @@ -1,7 +1,7 @@ import json import time from re import match -from typing import Any, Dict, List, Optional, Union +from typing import Any, Union from samtranslator.model import GeneratedProperty, Resource from samtranslator.model.exceptions import InvalidResourceException @@ -31,23 +31,25 @@ class ApiGatewayRestApi(Resource): "Tags": GeneratedProperty(), "Policy": GeneratedProperty(), "SecurityPolicy": GeneratedProperty(), + "EndpointAccessMode": GeneratedProperty(), } - Body: Optional[Dict[str, Any]] - BodyS3Location: Optional[Dict[str, Any]] - CloneFrom: Optional[PassThrough] - Description: Optional[PassThrough] - FailOnWarnings: Optional[PassThrough] - Name: Optional[PassThrough] - Parameters: Optional[Dict[str, Any]] - EndpointConfiguration: Optional[Dict[str, Any]] - BinaryMediaTypes: Optional[List[Any]] - MinimumCompressionSize: Optional[PassThrough] - Mode: Optional[PassThrough] - ApiKeySourceType: Optional[PassThrough] - Tags: Optional[PassThrough] - Policy: Optional[PassThrough] - SecurityPolicy: Optional[PassThrough] + Body: dict[str, Any] | None + BodyS3Location: dict[str, Any] | None + CloneFrom: PassThrough | None + Description: PassThrough | None + FailOnWarnings: PassThrough | None + Name: PassThrough | None + Parameters: dict[str, Any] | None + EndpointConfiguration: dict[str, Any] | None + BinaryMediaTypes: list[Any] | None + MinimumCompressionSize: PassThrough | None + Mode: PassThrough | None + ApiKeySourceType: PassThrough | None + Tags: PassThrough | None + Policy: PassThrough | None + SecurityPolicy: PassThrough | None + EndpointAccessMode: PassThrough | None runtime_attrs = {"rest_api_id": lambda self: ref(self.logical_id)} @@ -96,14 +98,14 @@ class ApiGatewayDeployment(Resource): runtime_attrs = {"deployment_id": lambda self: ref(self.logical_id)} - def make_auto_deployable( # noqa: PLR0913 + def make_auto_deployable( self, stage: ApiGatewayStage, - openapi_version: Optional[Union[Dict[str, Any], str]] = None, - swagger: Optional[Dict[str, Any]] = None, - domain: Optional[Dict[str, Any]] = None, - redeploy_restapi_parameters: Optional[Any] = None, - always_deploy: Optional[bool] = False, + openapi_version: Union[dict[str, Any], str] | None = None, + swagger: dict[str, Any] | None = None, + domain: dict[str, Any] | None = None, + redeploy_restapi_parameters: Any | None = None, + always_deploy: bool | None = False, ) -> None: """ Sets up the resource such that it will trigger a re-deployment when Swagger changes or always_deploy is true @@ -152,9 +154,9 @@ class ApiGatewayResponse: def __init__( self, api_logical_id: str, - response_parameters: Optional[Dict[str, Any]] = None, - response_templates: Optional[PassThrough] = None, - status_code: Optional[str] = None, + response_parameters: dict[str, Any] | None = None, + response_templates: PassThrough | None = None, + status_code: str | None = None, ) -> None: if response_parameters: # response_parameters has been validated in ApiGenerator._add_gateway_responses() @@ -187,7 +189,7 @@ def generate_swagger(self) -> Py27Dict: return swagger - def _add_prefixes(self, response_parameters: Dict[str, Any]) -> Dict[str, str]: + def _add_prefixes(self, response_parameters: dict[str, Any]) -> dict[str, str]: GATEWAY_RESPONSE_PREFIX = "gatewayresponse." # applying Py27Dict as this is part of swagger prefixed_parameters = Py27Dict() @@ -219,19 +221,20 @@ class ApiGatewayDomainName(Resource): "EndpointConfiguration": GeneratedProperty(), "MutualTlsAuthentication": GeneratedProperty(), "SecurityPolicy": GeneratedProperty(), + "EndpointAccessMode": GeneratedProperty(), "CertificateArn": GeneratedProperty(), "Tags": GeneratedProperty(), "OwnershipVerificationCertificateArn": GeneratedProperty(), } - RegionalCertificateArn: Optional[PassThrough] + RegionalCertificateArn: PassThrough | None DomainName: PassThrough - EndpointConfiguration: Optional[PassThrough] - MutualTlsAuthentication: Optional[Dict[str, Any]] - SecurityPolicy: Optional[PassThrough] - CertificateArn: Optional[PassThrough] - Tags: Optional[PassThrough] - OwnershipVerificationCertificateArn: Optional[PassThrough] + EndpointConfiguration: PassThrough | None + MutualTlsAuthentication: dict[str, Any] | None + SecurityPolicy: PassThrough | None + CertificateArn: PassThrough | None + Tags: PassThrough | None + OwnershipVerificationCertificateArn: PassThrough | None class ApiGatewayDomainNameV2(Resource): @@ -240,17 +243,18 @@ class ApiGatewayDomainNameV2(Resource): "DomainName": GeneratedProperty(), "EndpointConfiguration": GeneratedProperty(), "SecurityPolicy": GeneratedProperty(), + "EndpointAccessMode": GeneratedProperty(), "CertificateArn": GeneratedProperty(), "Tags": GeneratedProperty(), "Policy": GeneratedProperty(), } DomainName: PassThrough - EndpointConfiguration: Optional[PassThrough] - SecurityPolicy: Optional[PassThrough] - CertificateArn: Optional[PassThrough] - Tags: Optional[PassThrough] - Policy: Optional[PassThrough] + EndpointConfiguration: PassThrough | None + SecurityPolicy: PassThrough | None + CertificateArn: PassThrough | None + Tags: PassThrough | None + Policy: PassThrough | None class ApiGatewayBasePathMapping(Resource): @@ -331,7 +335,7 @@ def __init__( # type: ignore[no-untyped-def]# noqa: PLR0913 user_pool_arn=None, function_arn=None, identity=None, - function_payload_type: Optional[str] = None, + function_payload_type: str | None = None, function_invoke_role=None, is_aws_iam_authorizer=False, authorization_scopes=None, @@ -374,7 +378,7 @@ def __init__( # type: ignore[no-untyped-def]# noqa: PLR0913 f"Authorizers.{name}.DisableFunctionDefaultPermissions", ).to_be_a_bool() - def _is_missing_identity_source(self, identity: Dict[str, Any]) -> bool: + def _is_missing_identity_source(self, identity: dict[str, Any]) -> bool: if not identity: return True @@ -452,7 +456,7 @@ def generate_swagger(self) -> Py27Dict: return swagger - def _get_identity_validation_expression(self) -> Optional[PassThrough]: + def _get_identity_validation_expression(self) -> PassThrough | None: return self.identity and self.identity.get("ValidationExpression") @staticmethod @@ -462,8 +466,8 @@ def _build_identity_source_item(item_prefix: str, prop_value: str) -> str: return Py27UniStr(item) return item - def _build_identity_source_item_array(self, prop_key: str, item_prefix: str) -> List[str]: - arr: List[str] = [] + def _build_identity_source_item_array(self, prop_key: str, item_prefix: str) -> list[str]: + arr: list[str] = [] prop_value_list = self.identity.get(prop_key) if prop_value_list: prop_path = f"Auth.Authorizers.{self.name}.Identity.{prop_key}" @@ -492,10 +496,10 @@ def _get_identity_source(self) -> str: return identity_source - def _get_user_pool_arn_array(self) -> List[PassThrough]: + def _get_user_pool_arn_array(self) -> list[PassThrough]: return self.user_pool_arn if isinstance(self.user_pool_arn, list) else [self.user_pool_arn] - def _get_swagger_header_name(self) -> Optional[str]: + def _get_swagger_header_name(self) -> str | None: authorizer_type = self._get_type() payload_type = self._get_function_payload_type() @@ -513,7 +517,7 @@ def _get_type(self) -> str: return "LAMBDA" - def _get_identity_header(self) -> Optional[str]: + def _get_identity_header(self) -> str | None: if self.identity and not isinstance(self.identity, dict): raise InvalidResourceException( self.api_logical_id, @@ -526,13 +530,13 @@ def _get_identity_header(self) -> Optional[str]: return self.identity.get("Header") # type: ignore[no-any-return] - def _get_reauthorize_every(self) -> Optional[PassThrough]: + def _get_reauthorize_every(self) -> PassThrough | None: if not self.identity: return None return self.identity.get("ReauthorizeEvery") - def _get_function_invoke_role(self) -> Optional[PassThrough]: + def _get_function_invoke_role(self) -> PassThrough | None: if not self.function_invoke_role or self.function_invoke_role == "NONE": return None @@ -551,7 +555,7 @@ def _get_swagger_authtype(self) -> str: def _get_function_payload_type(self) -> str: return "TOKEN" if not self.function_payload_type else self.function_payload_type - def _get_swagger_authorizer_type(self) -> Optional[str]: + def _get_swagger_authorizer_type(self) -> str | None: authorizer_type = self._get_type() if authorizer_type == "COGNITO_USER_POOLS": diff --git a/samtranslator/model/apigatewayv2.py b/samtranslator/model/apigatewayv2.py index 098febf21e..ae56650518 100644 --- a/samtranslator/model/apigatewayv2.py +++ b/samtranslator/model/apigatewayv2.py @@ -1,4 +1,4 @@ -from typing import Any, Dict, List, Optional, Union +from typing import Any, Union from samtranslator.model import GeneratedProperty, Resource from samtranslator.model.exceptions import ExpectedType, InvalidResourceException @@ -31,7 +31,7 @@ class ApiGatewayV2HttpApi(ApiGatewayV2Api): runtime_attrs = {"http_api_id": lambda self: ref(self.logical_id)} - def assign_tags(self, tags: Dict[str, Any]) -> None: + def assign_tags(self, tags: dict[str, Any]) -> None: """Overriding default 'assign_tags' function in Resource class Function to assign tags to the resource @@ -58,7 +58,7 @@ class ApiGatewayV2WebSocketApi(ApiGatewayV2Api): runtime_attrs = {"websocket_api_id": lambda self: ref(self.logical_id)} - def assign_tags(self, tags: Dict[str, Any]) -> None: + def assign_tags(self, tags: dict[str, Any]) -> None: """Overriding default 'assign_tags' function in Resource class Function to assign tags to the resource @@ -85,9 +85,9 @@ class ApiGatewayV2Stage(Resource): } runtime_attrs = {"stage_name": lambda self: ref(self.logical_id)} - Tags: Optional[PassThrough] + Tags: PassThrough | None - def assign_tags(self, tags: Dict[str, Any]) -> None: + def assign_tags(self, tags: dict[str, Any]) -> None: """Overriding default 'assign_tags' function in Resource class Function to assign tags to the resource @@ -108,11 +108,11 @@ class ApiGatewayV2DomainName(Resource): } DomainName: Intrinsicable[str] - DomainNameConfigurations: Optional[List[Dict[str, Any]]] - MutualTlsAuthentication: Optional[Dict[str, Any]] - Tags: Optional[PassThrough] + DomainNameConfigurations: list[dict[str, Any]] | None + MutualTlsAuthentication: dict[str, Any] | None + Tags: PassThrough | None - def assign_tags(self, tags: Dict[str, Any]) -> None: + def assign_tags(self, tags: dict[str, Any]) -> None: """Overriding default 'assign_tags' function in Resource class Function to assign tags to the resource @@ -152,7 +152,7 @@ class ApiGatewayV2Route(Resource): # https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/apis-apiid-authorizers-authorizerid.html#apis-apiid-authorizers-authorizerid-model-jwtconfiguration # Change to TypedDict when we don't have to support Python 3.7 -JwtConfiguration = Dict[str, Union[str, List[str]]] +JwtConfiguration = dict[str, Union[str, list[str]]] class ApiGatewayV2Integration(Resource): @@ -205,9 +205,7 @@ def __init__( # type: ignore[no-untyped-def] # noqa: PLR0913 self.api_logical_id = api_logical_id self.name = name self.authorization_scopes = authorization_scopes - self.jwt_configuration: Optional[JwtConfiguration] = self._get_jwt_configuration( - jwt_configuration, api_logical_id - ) + self.jwt_configuration: JwtConfiguration | None = self._get_jwt_configuration(jwt_configuration, api_logical_id) self.id_source = id_source self.function_arn = function_arn self.function_invoke_role = function_invoke_role @@ -242,54 +240,48 @@ def _get_auth_type(self) -> str: return "JWT" return "REQUEST" + # Maps each authorizer type to the set of properties it accepts + ALLOWED_PROPERTIES = { + "JWT": {"authorization_scopes", "jwt_configuration", "id_source"}, + "REQUEST": { + "function_arn", + "function_invoke_role", + "identity", + "authorizer_payload_format_version", + "enable_simple_responses", + "enable_function_default_permissions", + }, + "AWS_IAM": set(), + } + + # Maps internal attr name to (display name, error hint) + PROPERTY_DISPLAY = { + "authorization_scopes": ("AuthorizationScopes", "OAuth2 Authorizer"), + "jwt_configuration": ("JwtConfiguration", "OAuth2 Authorizer"), + "id_source": ( + "IdentitySource", + "OAuth2 Authorizer. For Lambda Authorizer, use the 'Identity' property instead", + ), + "function_arn": ("FunctionArn", "Lambda Authorizer"), + "function_invoke_role": ("FunctionInvokeRole", "Lambda Authorizer"), + "identity": ("Identity", "Lambda Authorizer"), + "authorizer_payload_format_version": ("AuthorizerPayloadFormatVersion", "Lambda Authorizer"), + "enable_simple_responses": ("EnableSimpleResponses", "Lambda Authorizer"), + "enable_function_default_permissions": ("EnableFunctionDefaultPermissions", "Lambda Authorizer"), + } + def _validate_input_parameters(self) -> None: authorizer_type = self._get_auth_type() if self.authorization_scopes is not None and not isinstance(self.authorization_scopes, list): raise InvalidResourceException(self.api_logical_id, "AuthorizationScopes must be a list.") - if self.authorization_scopes is not None and not authorizer_type == "JWT": - raise InvalidResourceException( - self.api_logical_id, "AuthorizationScopes must be defined only for OAuth2 Authorizer." - ) - - if self.jwt_configuration is not None and not authorizer_type == "JWT": - raise InvalidResourceException( - self.api_logical_id, "JwtConfiguration must be defined only for OAuth2 Authorizer." - ) - - if self.id_source is not None and not authorizer_type == "JWT": - raise InvalidResourceException( - self.api_logical_id, "IdentitySource must be defined only for OAuth2 Authorizer." - ) - - if self.function_arn is not None and not authorizer_type == "REQUEST": - raise InvalidResourceException( - self.api_logical_id, "FunctionArn must be defined only for Lambda Authorizer." - ) - - if self.function_invoke_role is not None and not authorizer_type == "REQUEST": - raise InvalidResourceException( - self.api_logical_id, "FunctionInvokeRole must be defined only for Lambda Authorizer." - ) - - if self.identity is not None and not authorizer_type == "REQUEST": - raise InvalidResourceException(self.api_logical_id, "Identity must be defined only for Lambda Authorizer.") - - if self.authorizer_payload_format_version is not None and not authorizer_type == "REQUEST": - raise InvalidResourceException( - self.api_logical_id, "AuthorizerPayloadFormatVersion must be defined only for Lambda Authorizer." - ) - - if self.enable_simple_responses is not None and not authorizer_type == "REQUEST": - raise InvalidResourceException( - self.api_logical_id, "EnableSimpleResponses must be defined only for Lambda Authorizer." - ) - - if self.enable_function_default_permissions is not None and authorizer_type != "REQUEST": - raise InvalidResourceException( - self.api_logical_id, "EnableFunctionDefaultPermissions must be defined only for Lambda Authorizer." - ) + allowed = self.ALLOWED_PROPERTIES.get(authorizer_type, set()) + for attr, (display_name, allowed_for) in self.PROPERTY_DISPLAY.items(): + if getattr(self, attr) is not None and attr not in allowed: + raise InvalidResourceException( + self.api_logical_id, f"{display_name} is only supported for {allowed_for}." + ) def _validate_jwt_authorizer(self) -> None: if not self.jwt_configuration: @@ -311,12 +303,12 @@ def _validate_lambda_authorizer(self) -> None: self.api_logical_id, f"{self.name} Lambda Authorizer must define 'AuthorizerPayloadFormatVersion'." ) - def generate_openapi(self) -> Dict[str, Any]: + def generate_openapi(self) -> dict[str, Any]: """ Generates OAS for the securitySchemes section """ authorizer_type = self._get_auth_type() - openapi: Dict[str, Any] + openapi: dict[str, Any] if authorizer_type == "AWS_IAM": openapi = { @@ -384,13 +376,13 @@ def generate_openapi(self) -> Dict[str, Any]: raise ValueError(f"Unexpected authorizer_type: {authorizer_type}") return openapi - def _get_function_invoke_role(self) -> Optional[PassThrough]: + def _get_function_invoke_role(self) -> PassThrough | None: if not self.function_invoke_role or self.function_invoke_role == "NONE": return None return self.function_invoke_role - def _get_identity_source(self, auth_identity: Dict[str, Any]) -> List[str]: + def _get_identity_source(self, auth_identity: dict[str, Any]) -> list[str]: """ Generate the list of identitySource using authorizer's Identity config by flatting them. For the format of identitySource, see: @@ -402,7 +394,7 @@ def _get_identity_source(self, auth_identity: Dict[str, Any]) -> List[str]: - prefix "$stageVariables." to all values in "StageVariables" - prefix "$context." to all values in "Context" """ - identity_source: List[str] = [] + identity_source: list[str] = [] identity_property_path = f"Authorizers.{self.name}.Identity" @@ -423,8 +415,8 @@ def _get_identity_source(self, auth_identity: Dict[str, Any]) -> List[str]: @staticmethod def _get_jwt_configuration( - props: Optional[Dict[str, Union[str, List[str]]]], api_logical_id: str - ) -> Optional[JwtConfiguration]: + props: dict[str, Union[str, list[str]]] | None, api_logical_id: str + ) -> JwtConfiguration | None: """Make sure that JWT configuration dict keys are lower case. ApiGatewayV2Authorizer doesn't create `AWS::ApiGatewayV2::Authorizer` but generates diff --git a/samtranslator/model/capacity_provider/generators.py b/samtranslator/model/capacity_provider/generators.py index b79e2bf5f4..037808be3f 100644 --- a/samtranslator/model/capacity_provider/generators.py +++ b/samtranslator/model/capacity_provider/generators.py @@ -2,7 +2,7 @@ AWS::Serverless::CapacityProvider resource transformer """ -from typing import Any, Dict, List, Optional +from typing import Any from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model import Resource @@ -50,13 +50,13 @@ def __init__(self, logical_id: str, **kwargs: Any) -> None: self.passthrough_resource_attributes = kwargs.get("passthrough_resource_attributes") @cw_timer(prefix="Generator", name="CapacityProvider") - def to_cloudformation(self) -> List[Resource]: + def to_cloudformation(self) -> list[Resource]: """ Transform the capacity provider configuration to CloudFormation resources - :returns: List of CloudFormation resources + :returns: list of CloudFormation resources """ - resources: List[Resource] = [] + resources: list[Resource] = [] # Create IAM roles if not provided; if not self.operator_role: @@ -127,7 +127,7 @@ def _ensure_permissions_config(self, capacity_provider: LambdaCapacityProvider) if getattr(capacity_provider, "PermissionsConfig", None) is None: capacity_provider.PermissionsConfig = {} - def _transform_instance_requirements(self) -> Dict[str, Any]: + def _transform_instance_requirements(self) -> dict[str, Any]: """ Transform the SAM InstanceRequirements to CloudFormation format """ @@ -144,7 +144,7 @@ def _transform_instance_requirements(self) -> Dict[str, Any]: return instance_requirements - def _transform_scaling_config(self) -> Dict[str, Any]: + def _transform_scaling_config(self) -> dict[str, Any]: """ Transform the SAM ScalingConfig to CloudFormation format """ @@ -172,12 +172,12 @@ def _transform_scaling_config(self) -> Dict[str, Any]: return scaling_config - def _transform_tags(self, additional_tags: Optional[Dict[str, Any]] = None) -> List[Dict[str, str]]: + def _transform_tags(self, additional_tags: dict[str, Any] | None = None) -> list[dict[str, str]]: """ Helper function to generate tags with automatic SAM tag :param additional_tags: Optional additional tags to include - :returns: List of tag dictionaries for CloudFormation + :returns: list of tag dictionaries for CloudFormation """ tags_dict = additional_tags.copy() if additional_tags else {} tags_dict["lambda:createdBy"] = "SAM" diff --git a/samtranslator/model/capacity_provider/resources.py b/samtranslator/model/capacity_provider/resources.py index 762c59348a..d178e4590c 100644 --- a/samtranslator/model/capacity_provider/resources.py +++ b/samtranslator/model/capacity_provider/resources.py @@ -2,7 +2,7 @@ AWS::Lambda::CapacityProvider resources for SAM """ -from typing import Any, Dict, List, Optional +from typing import Any from samtranslator.model import GeneratedProperty, Resource from samtranslator.model.intrinsics import fnGetAtt, ref @@ -25,13 +25,13 @@ class LambdaCapacityProvider(Resource): "KmsKeyArn": GeneratedProperty(), } - CapacityProviderName: Optional[Intrinsicable[str]] - VpcConfig: Dict[str, Any] - PermissionsConfig: Dict[str, Any] - Tags: Optional[List[Dict[str, Any]]] - InstanceRequirements: Optional[Dict[str, Any]] - CapacityProviderScalingConfig: Optional[Dict[str, Any]] - KmsKeyArn: Optional[Intrinsicable[str]] + CapacityProviderName: Intrinsicable[str] | None + VpcConfig: dict[str, Any] + PermissionsConfig: dict[str, Any] + Tags: list[dict[str, Any]] | None + InstanceRequirements: dict[str, Any] | None + CapacityProviderScalingConfig: dict[str, Any] | None + KmsKeyArn: Intrinsicable[str] | None runtime_attrs = { "name": lambda self: ref(self.logical_id), diff --git a/samtranslator/model/connector/connector.py b/samtranslator/model/connector/connector.py index 354bf740b7..cbc29ff264 100644 --- a/samtranslator/model/connector/connector.py +++ b/samtranslator/model/connector/connector.py @@ -1,7 +1,6 @@ from collections import namedtuple -from typing import Any, Dict, Iterable, List, Optional - -from typing_extensions import TypeGuard +from collections.abc import Iterable +from typing import Any, TypeGuard from samtranslator.model import ResourceResolver from samtranslator.model.apigateway import ApiGatewayRestApi @@ -66,7 +65,7 @@ def add_depends_on(logical_id: str, depends_on: str, resource_resolver: Resource resource["DependsOn"] = deps -def replace_depends_on_logical_id(logical_id: str, replacement: List[str], resource_resolver: ResourceResolver) -> None: +def replace_depends_on_logical_id(logical_id: str, replacement: list[str], resource_resolver: ResourceResolver) -> None: """ For every resource's `DependsOn`, replace `logical_id` by `replacement`. """ @@ -100,7 +99,7 @@ def get_event_source_mappings( yield logical_id -def _is_valid_resource_reference(obj: Dict[str, Any]) -> bool: +def _is_valid_resource_reference(obj: dict[str, Any]) -> bool: id_provided = "Id" in obj # Every property in ResourceReference can be implied using 'Id', except for 'Qualifier', so users should be able to combine 'Id' and 'Qualifier' non_id_provided = len([k for k in obj if k not in ["Id", "Qualifier"]]) > 0 @@ -109,7 +108,7 @@ def _is_valid_resource_reference(obj: Dict[str, Any]) -> bool: def get_resource_reference( - obj: Dict[str, Any], resource_resolver: ResourceResolver, connecting_obj: Dict[str, Any] + obj: dict[str, Any], resource_resolver: ResourceResolver, connecting_obj: dict[str, Any] ) -> ConnectorResourceReference: if not _is_valid_resource_reference(obj): raise ConnectorResourceError( @@ -182,8 +181,8 @@ def get_resource_reference( def _get_events_rule_role( - connecting_obj_id: Optional[str], connecting_obj_arn: Optional[Any], properties: Dict[str, Any] -) -> Optional[Any]: + connecting_obj_id: str | None, connecting_obj_arn: Any | None, properties: dict[str, Any] +) -> Any | None: for target in properties.get("Targets", []): target_arn = target.get("Arn") target_logical_id = get_logical_id_from_intrinsic(target_arn) @@ -195,10 +194,10 @@ def _get_events_rule_role( def _get_resource_role_property( - connecting_obj_id: Optional[str], - connecting_obj_arn: Optional[Any], - cfn_resource_properties: Dict[str, Any], - properties: Dict[str, Any], + connecting_obj_id: str | None, + connecting_obj_arn: Any | None, + cfn_resource_properties: dict[str, Any], + properties: dict[str, Any], ) -> Any: role_property = cfn_resource_properties.get("Inputs", {}).get("Role") @@ -212,10 +211,10 @@ def _get_resource_role_property( def _get_resource_role_name( - connecting_obj_id: Optional[str], - connecting_obj_arn: Optional[Any], - cfn_resource_properties: Dict[str, Any], - properties: Dict[str, Any], + connecting_obj_id: str | None, + connecting_obj_arn: Any | None, + cfn_resource_properties: dict[str, Any], + properties: dict[str, Any], ) -> Any: role = _get_resource_role_property(connecting_obj_id, connecting_obj_arn, cfn_resource_properties, properties) if not role: @@ -228,24 +227,24 @@ def _get_resource_role_name( return ref(logical_id) -def _get_resource_queue_url(properties: Dict[str, Any]) -> Optional[Any]: +def _get_resource_queue_url(properties: dict[str, Any]) -> Any | None: return properties.get("Url") -def _get_resource_id(properties: Dict[str, Any]) -> Optional[Any]: +def _get_resource_id(properties: dict[str, Any]) -> Any | None: return properties.get("Id") -def _get_resource_name(properties: Dict[str, Any]) -> Optional[Any]: +def _get_resource_name(properties: dict[str, Any]) -> Any | None: return properties.get("Name") -def _get_resource_qualifier(properties: Dict[str, Any]) -> Optional[Any]: +def _get_resource_qualifier(properties: dict[str, Any]) -> Any | None: # Qualifier is used as the execute-api ARN suffix; by default allow whole API return properties.get("Qualifier") -def _get_resource_arn(properties: Dict[str, Any]) -> Any: +def _get_resource_arn(properties: dict[str, Any]) -> Any: # according to documentation, Ref returns ARNs for these two resource types # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#aws-resource-stepfunctions-statemachine-return-values # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topic.html#aws-resource-sns-topic-return-values diff --git a/samtranslator/model/connector_profiles/profile.py b/samtranslator/model/connector_profiles/profile.py index 75a30b1c01..b05ce0d96c 100644 --- a/samtranslator/model/connector_profiles/profile.py +++ b/samtranslator/model/connector_profiles/profile.py @@ -2,9 +2,9 @@ import json import re from pathlib import Path -from typing import Any, Dict +from typing import Any -ConnectorProfile = Dict[str, Any] +ConnectorProfile = dict[str, Any] _PROFILE_FILE = Path(__file__).absolute().parent / "profiles.json" with _PROFILE_FILE.open(encoding="utf-8") as f: @@ -33,7 +33,7 @@ def verify_profile_variables_replaced(obj: Any) -> None: raise ValueError(f"The following variables have not been replaced: {matches}") -def profile_replace(obj: Any, replacements: Dict[str, Any]): # type: ignore[no-untyped-def] +def profile_replace(obj: Any, replacements: dict[str, Any]): # type: ignore[no-untyped-def] """ This function is used to recursively replace all keys in 'replacements' found in 'obj' with matching values in 'replacement' dictionary. @@ -57,7 +57,7 @@ def _sanitize(s: str) -> str: return "".join(c for c in s if c.isalnum()) -def _profile_replace_str(s: Any, replacements: Dict[str, Any]): # type: ignore[no-untyped-def] +def _profile_replace_str(s: Any, replacements: dict[str, Any]): # type: ignore[no-untyped-def] if not isinstance(s, str): return s res = {} diff --git a/samtranslator/model/eventsources/cloudwatchlogs.py b/samtranslator/model/eventsources/cloudwatchlogs.py index aaca4c4b7d..5acc19404d 100644 --- a/samtranslator/model/eventsources/cloudwatchlogs.py +++ b/samtranslator/model/eventsources/cloudwatchlogs.py @@ -1,4 +1,4 @@ -from typing import Any, Dict +from typing import Any from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model import PropertyType @@ -40,7 +40,7 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] subscription_filter = self.get_subscription_filter(function, permission) # type: ignore[no-untyped-call] return [permission, subscription_filter] - def get_source_arn(self) -> Dict[str, Any]: + def get_source_arn(self) -> dict[str, Any]: resource = "log-group:${__LogGroupName__}:*" partition = ArnGenerator.get_partition_name() diff --git a/samtranslator/model/eventsources/pull.py b/samtranslator/model/eventsources/pull.py index 8719ac037c..dd1158d12f 100644 --- a/samtranslator/model/eventsources/pull.py +++ b/samtranslator/model/eventsources/pull.py @@ -1,5 +1,5 @@ from abc import ABCMeta, abstractmethod -from typing import Any, Dict, List, Optional, Tuple +from typing import Any from samtranslator.internal.deprecation_control import deprecated from samtranslator.intrinsics.resolver import IntrinsicsResolver @@ -36,7 +36,7 @@ class PullEventSource(ResourceMacro, metaclass=ABCMeta): # TODO: Make `PullEventSource` an abstract class and not giving `resource_type` initial value. resource_type: str = None # type: ignore relative_id: str # overriding the Optional[str]: for event, relative id is not None - property_types: Dict[str, PropertyType] = { + property_types: dict[str, PropertyType] = { "BatchSize": PropertyType(False, IS_INT), "StartingPosition": PassThroughProperty(False), "StartingPositionTimestamp": PassThroughProperty(False), @@ -64,44 +64,44 @@ class PullEventSource(ResourceMacro, metaclass=ABCMeta): "LoggingConfig": PropertyType(False, IS_DICT), } - BatchSize: Optional[Intrinsicable[int]] - StartingPosition: Optional[PassThrough] - StartingPositionTimestamp: Optional[PassThrough] - Enabled: Optional[bool] - MaximumBatchingWindowInSeconds: Optional[Intrinsicable[int]] - MaximumRetryAttempts: Optional[Intrinsicable[int]] - BisectBatchOnFunctionError: Optional[Intrinsicable[bool]] - MaximumRecordAgeInSeconds: Optional[Intrinsicable[int]] - DestinationConfig: Optional[Dict[str, Any]] - ParallelizationFactor: Optional[Intrinsicable[int]] - Topics: Optional[List[Any]] - Queues: Optional[List[Any]] - SourceAccessConfigurations: Optional[List[Any]] - SecretsManagerKmsKeyId: Optional[str] - TumblingWindowInSeconds: Optional[Intrinsicable[int]] - FunctionResponseTypes: Optional[List[Any]] - KafkaBootstrapServers: Optional[List[Any]] - FilterCriteria: Optional[Dict[str, Any]] - KmsKeyArn: Optional[Intrinsicable[str]] - ConsumerGroupId: Optional[Intrinsicable[str]] - ScalingConfig: Optional[Dict[str, Any]] - ProvisionedPollerConfig: Optional[Dict[str, Any]] - SchemaRegistryConfig: Optional[Dict[str, Any]] - MetricsConfig: Optional[Dict[str, Any]] - LoggingConfig: Optional[Dict[str, Any]] + BatchSize: Intrinsicable[int] | None + StartingPosition: PassThrough | None + StartingPositionTimestamp: PassThrough | None + Enabled: bool | None + MaximumBatchingWindowInSeconds: Intrinsicable[int] | None + MaximumRetryAttempts: Intrinsicable[int] | None + BisectBatchOnFunctionError: Intrinsicable[bool] | None + MaximumRecordAgeInSeconds: Intrinsicable[int] | None + DestinationConfig: dict[str, Any] | None + ParallelizationFactor: Intrinsicable[int] | None + Topics: list[Any] | None + Queues: list[Any] | None + SourceAccessConfigurations: list[Any] | None + SecretsManagerKmsKeyId: str | None + TumblingWindowInSeconds: Intrinsicable[int] | None + FunctionResponseTypes: list[Any] | None + KafkaBootstrapServers: list[Any] | None + FilterCriteria: dict[str, Any] | None + KmsKeyArn: Intrinsicable[str] | None + ConsumerGroupId: Intrinsicable[str] | None + ScalingConfig: dict[str, Any] | None + ProvisionedPollerConfig: dict[str, Any] | None + SchemaRegistryConfig: dict[str, Any] | None + MetricsConfig: dict[str, Any] | None + LoggingConfig: dict[str, Any] | None @abstractmethod - def get_policy_arn(self) -> Optional[str]: + def get_policy_arn(self) -> str | None: """Policy to be added to the role (if a role applies).""" @abstractmethod def get_policy_statements( - self, intrinsic_resolver: Optional[IntrinsicsResolver] = None - ) -> Optional[List[Dict[str, Any]]]: + self, intrinsic_resolver: IntrinsicsResolver | None = None + ) -> list[dict[str, Any]] | None: """Inline policy statements to be added to the role (if a role applies).""" @abstractmethod - def get_event_source_arn(self) -> Optional[PassThrough]: + def get_event_source_arn(self) -> PassThrough | None: """Return the value to assign to lambda event source mapping's EventSourceArn.""" def add_extra_eventsourcemapping_fields(self, _lambda_eventsourcemapping: LambdaEventSourceMapping) -> None: @@ -192,9 +192,9 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] # noqa: P lambda_eventsourcemapping.SelfManagedKafkaEventSourceConfig["SchemaRegistryConfig"] = ( # type: ignore[attr-defined] self.SchemaRegistryConfig ) - destination_config_policy: Optional[Dict[str, Any]] = None + destination_config_policy: dict[str, Any] | None = None if self.DestinationConfig: - on_failure: Dict[str, Any] = sam_expect( + on_failure: dict[str, Any] = sam_expect( self.DestinationConfig.get("OnFailure"), self.logical_id, "DestinationConfig.OnFailure", @@ -291,7 +291,7 @@ def validate_secrets_manager_kms_key_id(self) -> None: self.SecretsManagerKmsKeyId, self.relative_id, "SecretsManagerKmsKeyId", is_sam_event=True ).to_be_a_string() - def _validate_source_access_configurations(self, supported_types: List[str], required_type: str) -> str: + def _validate_source_access_configurations(self, supported_types: list[str], required_type: str) -> str: """ Validate the SourceAccessConfigurations parameter and return the URI to be used for policy statement creation. @@ -308,7 +308,7 @@ def _validate_source_access_configurations(self, supported_types: List[str], req "Provided SourceAccessConfigurations cannot be parsed into a list.", ) - required_type_uri: Optional[str] = None + required_type_uri: str | None = None for index, conf in enumerate(self.SourceAccessConfigurations): sam_expect(conf, self.relative_id, f"SourceAccessConfigurations[{index}]", is_sam_event=True).to_be_a_map() event_type: str = sam_expect( @@ -340,7 +340,7 @@ def _validate_source_access_configurations(self, supported_types: List[str], req return required_type_uri @staticmethod - def _get_kms_decrypt_policy(secrets_manager_kms_key_id: str) -> Dict[str, Any]: + def _get_kms_decrypt_policy(secrets_manager_kms_key_id: str) -> dict[str, Any]: return { "Action": ["kms:Decrypt"], "Effect": "Allow", @@ -381,8 +381,8 @@ def validate_schema_registry_config(self) -> None: ) def get_schema_registry_permissions( - self, intrinsic_resolver: Optional[IntrinsicsResolver] = None - ) -> Optional[List[Dict[str, Any]]]: + self, intrinsic_resolver: IntrinsicsResolver | None = None + ) -> list[dict[str, Any]] | None: if not self.SchemaRegistryConfig: return None @@ -434,7 +434,7 @@ def get_schema_registry_permissions( ) return statements - def get_registry_name(self, registry_uri: str) -> Optional[str]: + def get_registry_name(self, registry_uri: str) -> str | None: if isinstance(registry_uri, str) and registry_uri.startswith("arn"): parts = registry_uri.split(":") if len(parts) >= PullEventSource.ARN_SEGMENTS_COUNT and parts[ @@ -448,7 +448,7 @@ class Kinesis(PullEventSource): """Kinesis event source.""" resource_type = "Kinesis" - property_types: Dict[str, PropertyType] = { + property_types: dict[str, PropertyType] = { **PullEventSource.property_types, "Stream": PassThroughProperty(True), "StartingPosition": PassThroughProperty(True), @@ -456,15 +456,15 @@ class Kinesis(PullEventSource): Stream: PassThrough - def get_event_source_arn(self) -> Optional[PassThrough]: + def get_event_source_arn(self) -> PassThrough | None: return self.Stream - def get_policy_arn(self) -> Optional[str]: + def get_policy_arn(self) -> str | None: return ArnGenerator.generate_aws_managed_policy_arn("service-role/AWSLambdaKinesisExecutionRole") def get_policy_statements( - self, intrinsic_resolver: Optional[IntrinsicsResolver] = None - ) -> Optional[List[Dict[str, Any]]]: + self, intrinsic_resolver: IntrinsicsResolver | None = None + ) -> list[dict[str, Any]] | None: return None @@ -472,7 +472,7 @@ class DynamoDB(PullEventSource): """DynamoDB Streams event source.""" resource_type = "DynamoDB" - property_types: Dict[str, PropertyType] = { + property_types: dict[str, PropertyType] = { **PullEventSource.property_types, "Stream": PassThroughProperty(True), "StartingPosition": PassThroughProperty(True), @@ -480,15 +480,15 @@ class DynamoDB(PullEventSource): Stream: PassThrough - def get_event_source_arn(self) -> Optional[PassThrough]: + def get_event_source_arn(self) -> PassThrough | None: return self.Stream - def get_policy_arn(self) -> Optional[str]: + def get_policy_arn(self) -> str | None: return ArnGenerator.generate_aws_managed_policy_arn("service-role/AWSLambdaDynamoDBExecutionRole") def get_policy_statements( - self, intrinsic_resolver: Optional[IntrinsicsResolver] = None - ) -> Optional[List[Dict[str, Any]]]: + self, intrinsic_resolver: IntrinsicsResolver | None = None + ) -> list[dict[str, Any]] | None: return None @@ -496,22 +496,22 @@ class SQS(PullEventSource): """SQS Queue event source.""" resource_type = "SQS" - property_types: Dict[str, PropertyType] = { + property_types: dict[str, PropertyType] = { **PullEventSource.property_types, "Queue": PassThroughProperty(True), } Queue: PassThrough - def get_event_source_arn(self) -> Optional[PassThrough]: + def get_event_source_arn(self) -> PassThrough | None: return self.Queue - def get_policy_arn(self) -> Optional[str]: + def get_policy_arn(self) -> str | None: return ArnGenerator.generate_aws_managed_policy_arn("service-role/AWSLambdaSQSQueueExecutionRole") def get_policy_statements( - self, intrinsic_resolver: Optional[IntrinsicsResolver] = None - ) -> Optional[List[Dict[str, Any]]]: + self, intrinsic_resolver: IntrinsicsResolver | None = None + ) -> list[dict[str, Any]] | None: return None @@ -519,7 +519,7 @@ class MSK(PullEventSource): """MSK event source.""" resource_type = "MSK" - property_types: Dict[str, PropertyType] = { + property_types: dict[str, PropertyType] = { **PullEventSource.property_types, "Stream": PassThroughProperty(True), "StartingPosition": PassThroughProperty(True), @@ -527,16 +527,16 @@ class MSK(PullEventSource): Stream: PassThrough - def get_event_source_arn(self) -> Optional[PassThrough]: + def get_event_source_arn(self) -> PassThrough | None: return self.Stream - def get_policy_arn(self) -> Optional[str]: + def get_policy_arn(self) -> str | None: return ArnGenerator.generate_aws_managed_policy_arn("service-role/AWSLambdaMSKExecutionRole") def get_policy_statements( - self, intrinsic_resolver: Optional[IntrinsicsResolver] = None - ) -> Optional[List[Dict[str, Any]]]: - statements: List[Dict[str, Any]] = [] + self, intrinsic_resolver: IntrinsicsResolver | None = None + ) -> list[dict[str, Any]] | None: + statements: list[dict[str, Any]] = [] if self.SchemaRegistryConfig: schema_registry_statements = self.get_schema_registry_permissions(intrinsic_resolver) if schema_registry_statements is not None: @@ -563,14 +563,14 @@ class MQ(PullEventSource): """MQ event source.""" resource_type = "MQ" - property_types: Dict[str, PropertyType] = { + property_types: dict[str, PropertyType] = { **PullEventSource.property_types, "Broker": PassThroughProperty(True), "DynamicPolicyName": Property(False, IS_BOOL), } Broker: PassThrough - DynamicPolicyName: Optional[bool] + DynamicPolicyName: bool | None @property def _policy_name(self) -> str: @@ -607,15 +607,15 @@ def _policy_name(self) -> str: """ return f"{self.logical_id}AMQPolicy" if self.DynamicPolicyName else "SamAutoGeneratedAMQPolicy" - def get_event_source_arn(self) -> Optional[PassThrough]: + def get_event_source_arn(self) -> PassThrough | None: return self.Broker - def get_policy_arn(self) -> Optional[str]: + def get_policy_arn(self) -> str | None: return None def get_policy_statements( - self, intrinsic_resolver: Optional[IntrinsicsResolver] = None - ) -> Optional[List[Dict[str, Any]]]: + self, intrinsic_resolver: IntrinsicsResolver | None = None + ) -> list[dict[str, Any]] | None: basic_auth_uri = self._validate_source_access_configurations(["BASIC_AUTH", "VIRTUAL_HOST"], "BASIC_AUTH") document = { @@ -666,15 +666,15 @@ class SelfManagedKafka(PullEventSource): "CLIENT_CERTIFICATE_TLS_AUTH", ] - def get_event_source_arn(self) -> Optional[PassThrough]: + def get_event_source_arn(self) -> PassThrough | None: return None - def get_policy_arn(self) -> Optional[str]: + def get_policy_arn(self) -> str | None: return None def get_policy_statements( - self, intrinsic_resolver: Optional[IntrinsicsResolver] = None - ) -> Optional[List[Dict[str, Any]]]: + self, intrinsic_resolver: IntrinsicsResolver | None = None + ) -> list[dict[str, Any]] | None: if not self.KafkaBootstrapServers: raise InvalidEventException( self.relative_id, @@ -702,7 +702,7 @@ def get_policy_statements( return [document] def generate_policy_document( # type: ignore[no-untyped-def] - self, source_access_configurations: List[Any], intrinsic_resolver: Optional[IntrinsicsResolver] = None + self, source_access_configurations: list[Any], intrinsic_resolver: IntrinsicsResolver | None = None ): statements = [] authentication_uri, authentication_uri_2, has_vpc_config = self.get_secret_key(source_access_configurations) @@ -737,7 +737,7 @@ def generate_policy_document( # type: ignore[no-untyped-def] "PolicyName": "SelfManagedKafkaExecutionRolePolicy", } - def get_secret_key(self, source_access_configurations: List[Any]) -> Tuple[Optional[str], Optional[str], bool]: + def get_secret_key(self, source_access_configurations: list[Any]) -> tuple[str | None, str | None, bool]: authentication_uri = None has_vpc_subnet = False has_vpc_security_group = False @@ -784,7 +784,7 @@ def get_secret_key(self, source_access_configurations: List[Any]) -> Tuple[Optio ) return authentication_uri, authentication_uri_2, (has_vpc_subnet and has_vpc_security_group) - def validate_uri(self, uri: Optional[Any], msg: str) -> None: + def validate_uri(self, uri: Any | None, msg: str) -> None: if not uri: raise InvalidEventException( self.relative_id, @@ -804,7 +804,7 @@ def get_secret_manager_secret(self, authentication_uri): # type: ignore[no-unty "Resource": authentication_uri, } - def get_vpc_permission(self) -> Dict[str, Any]: + def get_vpc_permission(self) -> dict[str, Any]: return { "Action": [ "ec2:CreateNetworkInterface", @@ -820,7 +820,7 @@ def get_vpc_permission(self) -> Dict[str, Any]: @staticmethod @deprecated() - def get_kms_policy(secrets_manager_kms_key_id: str) -> Dict[str, Any]: + def get_kms_policy(secrets_manager_kms_key_id: str) -> dict[str, Any]: return { "Action": ["kms:Decrypt"], "Effect": "Allow", @@ -835,7 +835,7 @@ class DocumentDB(PullEventSource): """DocumentDB event source.""" resource_type = "DocumentDB" - property_types: Dict[str, PropertyType] = { + property_types: dict[str, PropertyType] = { **PullEventSource.property_types, "Cluster": PassThroughProperty(True), "DatabaseName": PassThroughProperty(True), @@ -845,8 +845,8 @@ class DocumentDB(PullEventSource): Cluster: PassThrough DatabaseName: PassThrough - CollectionName: Optional[PassThrough] - FullDocument: Optional[PassThrough] + CollectionName: PassThrough | None + FullDocument: PassThrough | None def add_extra_eventsourcemapping_fields(self, lambda_eventsourcemapping: LambdaEventSourceMapping) -> None: lambda_eventsourcemapping.DocumentDBEventSourceConfig = { @@ -857,13 +857,13 @@ def add_extra_eventsourcemapping_fields(self, lambda_eventsourcemapping: LambdaE if self.FullDocument: lambda_eventsourcemapping.DocumentDBEventSourceConfig["FullDocument"] = self.FullDocument # type: ignore[attr-defined] - def get_event_source_arn(self) -> Optional[PassThrough]: + def get_event_source_arn(self) -> PassThrough | None: return self.Cluster - def get_policy_arn(self) -> Optional[str]: + def get_policy_arn(self) -> str | None: return None - def get_policy_statements(self, intrinsic_resolver: Optional[IntrinsicsResolver] = None) -> List[Dict[str, Any]]: + def get_policy_statements(self, intrinsic_resolver: IntrinsicsResolver | None = None) -> list[dict[str, Any]]: basic_auth_uri = self._validate_source_access_configurations(["BASIC_AUTH"], "BASIC_AUTH") statements = [ diff --git a/samtranslator/model/eventsources/push.py b/samtranslator/model/eventsources/push.py index 8f237f5270..425b2af745 100644 --- a/samtranslator/model/eventsources/push.py +++ b/samtranslator/model/eventsources/push.py @@ -1,7 +1,7 @@ import copy import re from abc import ABCMeta -from typing import Any, Dict, List, Optional, Union, cast +from typing import Any, Union, cast from samtranslator.intrinsics.resolver import IntrinsicsResolver from samtranslator.metrics.method_decorator import cw_timer @@ -69,7 +69,7 @@ class PushEventSource(ResourceMacro, metaclass=ABCMeta): principal: str = None # type: ignore relative_id: str # overriding the Optional[str]: for event, relative id is not None - def _construct_permission( # type: ignore[no-untyped-def] # noqa: PLR0913 + def _construct_permission( # type: ignore[no-untyped-def] self, function, source_arn=None, source_account=None, suffix="", event_source_token=None, prefix=None ): """Constructs the Lambda Permission resource allowing the source service to invoke the function this event @@ -122,14 +122,14 @@ class Schedule(PushEventSource): } Schedule: PassThrough - RuleName: Optional[PassThrough] - Input: Optional[PassThrough] - Enabled: Optional[bool] - State: Optional[PassThrough] - Name: Optional[PassThrough] - Description: Optional[PassThrough] - DeadLetterConfig: Optional[Dict[str, Any]] - RetryPolicy: Optional[PassThrough] + RuleName: PassThrough | None + Input: PassThrough | None + Enabled: bool | None + State: PassThrough | None + Name: PassThrough | None + Description: PassThrough | None + DeadLetterConfig: dict[str, Any] | None + RetryPolicy: PassThrough | None @cw_timer(prefix=FUNCTION_EVETSOURCE_METRIC_PREFIX) def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] @@ -218,17 +218,17 @@ class CloudWatchEvent(PushEventSource): "InputTransformer": PropertyType(False, IS_DICT), } - EventBusName: Optional[PassThrough] - RuleName: Optional[PassThrough] - Pattern: Optional[PassThrough] - DeadLetterConfig: Optional[Dict[str, Any]] - RetryPolicy: Optional[PassThrough] - Input: Optional[PassThrough] - InputPath: Optional[PassThrough] - Target: Optional[PassThrough] - Enabled: Optional[bool] - State: Optional[PassThrough] - InputTransformer: Optional[PassThrough] + EventBusName: PassThrough | None + RuleName: PassThrough | None + Pattern: PassThrough | None + DeadLetterConfig: dict[str, Any] | None + RetryPolicy: PassThrough | None + Input: PassThrough | None + InputPath: PassThrough | None + Target: PassThrough | None + Enabled: bool | None + State: PassThrough | None + InputTransformer: PassThrough | None @cw_timer(prefix=FUNCTION_EVETSOURCE_METRIC_PREFIX) def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] @@ -324,9 +324,9 @@ class S3(PushEventSource): "Filter": PropertyType(False, dict_of(IS_STR, IS_STR)), } - Bucket: Dict[str, Any] - Events: Union[str, List[str]] - Filter: Optional[Dict[str, str]] + Bucket: dict[str, Any] + Events: Union[str, list[str]] + Filter: dict[str, str] | None def resources_to_link(self, resources): # type: ignore[no-untyped-def] if isinstance(self.Bucket, dict) and "Ref" in self.Bucket: @@ -417,8 +417,8 @@ def _depend_on_lambda_permissions(self, bucket, permission): # type: ignore[no- return bucket def _depend_on_lambda_permissions_using_tag( - self, bucket: Dict[str, Any], bucket_id: str, permission: LambdaPermission - ) -> Dict[str, Any]: + self, bucket: dict[str, Any], bucket_id: str, permission: LambdaPermission + ) -> dict[str, Any]: """ Since conditional DependsOn is not supported this undocumented way of implicitely making dependency through tags is used. @@ -433,7 +433,7 @@ def _depend_on_lambda_permissions_using_tag( if properties is None: properties = {} bucket["Properties"] = properties - tags = properties.get("Tags", None) + tags = properties.get("Tags") if tags is None: tags = [] properties["Tags"] = tags @@ -476,7 +476,7 @@ def _inject_notification_configuration(self, function, bucket, bucket_id): # ty sam_expect(notification_config, bucket_id, "NotificationConfiguration").to_be_a_map() - lambda_notifications = notification_config.get("LambdaConfigurations", None) + lambda_notifications = notification_config.get("LambdaConfigurations") if lambda_notifications is None: lambda_notifications = [] notification_config["LambdaConfigurations"] = lambda_notifications @@ -505,11 +505,11 @@ class SNS(PushEventSource): } Topic: str - Region: Optional[str] - FilterPolicy: Optional[Dict[str, Any]] - FilterPolicyScope: Optional[str] - SqsSubscription: Optional[Any] - RedrivePolicy: Optional[Dict[str, Any]] + Region: str | None + FilterPolicy: dict[str, Any] | None + FilterPolicyScope: str | None + SqsSubscription: Any | None + RedrivePolicy: dict[str, Any] | None @cw_timer(prefix=FUNCTION_EVETSOURCE_METRIC_PREFIX) def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] @@ -573,7 +573,7 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] # SNS -> SQS(Existing) -> Lambda resources = [] - sqs_subscription: Dict[str, Any] = sam_expect( + sqs_subscription: dict[str, Any] = sam_expect( self.SqsSubscription, self.relative_id, "SqsSubscription", is_sam_event=True ).to_be_a_map() queue_arn = sqs_subscription.get("QueueArn") @@ -607,8 +607,8 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] def _check_fifo_topic( self, - topic_id: Optional[str], - template: Optional[Dict[str, Any]], + topic_id: str | None, + template: dict[str, Any] | None, intrinsics_resolver: IntrinsicsResolver, ) -> bool: if not topic_id or not template: @@ -623,10 +623,10 @@ def _inject_subscription( # noqa: PLR0913 protocol: str, endpoint: str, topic: str, - region: Optional[str], - filterPolicy: Optional[Dict[str, Any]], - filterPolicyScope: Optional[str], - redrivePolicy: Optional[Dict[str, Any]], + region: str | None, + filterPolicy: dict[str, Any] | None, + filterPolicyScope: str | None, + redrivePolicy: dict[str, Any] | None, function: Any, ) -> SNSSubscription: subscription = SNSSubscription(self.logical_id, attributes=function.get_passthrough_resource_attributes()) @@ -695,14 +695,14 @@ class Api(PushEventSource): Path: str Method: str RestApiId: str - Stage: Optional[str] - Auth: Optional[Dict[str, Any]] - RequestModel: Optional[Dict[str, Any]] - RequestParameters: Optional[List[Any]] - TimeoutInMillis: Optional[PassThrough] - ResponseTransferMode: Optional[PassThrough] - - def resources_to_link(self, resources: Dict[str, Any]) -> Dict[str, Any]: + Stage: str | None + Auth: dict[str, Any] | None + RequestModel: dict[str, Any] | None + RequestParameters: list[Any] | None + TimeoutInMillis: PassThrough | None + ResponseTransferMode: PassThrough | None + + def resources_to_link(self, resources: dict[str, Any]) -> dict[str, Any]: """ If this API Event Source refers to an explicit API resource, resolve the reference and grab necessary data from the explicit API @@ -711,8 +711,8 @@ def resources_to_link(self, resources: Dict[str, Any]) -> Dict[str, Any]: @staticmethod def resources_to_link_for_rest_api( - resources: Dict[str, Any], relative_id: str, raw_rest_api_id: Optional[Any] - ) -> Dict[str, Any]: + resources: dict[str, Any], relative_id: str, raw_rest_api_id: Any | None + ) -> dict[str, Any]: # If RestApiId is a resource in the same template, then we try find the StageName by following the reference # Otherwise we default to a wildcard. This stage name is solely used to construct the permission to # allow this stage to invoke the Lambda function. If we are unable to resolve the stage name, we will @@ -1031,9 +1031,9 @@ def _add_swagger_integration( # type: ignore[no-untyped-def] # noqa: PLR0912, P def _get_merged_definitions( self, api_id: str, - source_definition_body: Dict[str, Any], + source_definition_body: dict[str, Any], editor: SwaggerEditor, - ) -> Dict[str, Any]: + ) -> dict[str, Any]: """ Merge SAM generated swagger definition(dest_definition_body) into inline DefinitionBody(source_definition_body): - for a conflicting key, use SAM generated value @@ -1075,8 +1075,8 @@ def get_rest_api_id_string(rest_api_id: Any) -> Any: @staticmethod def add_auth_to_swagger( # noqa: PLR0912, PLR0913 - event_auth: Dict[str, Any], - api: Dict[str, Any], + event_auth: dict[str, Any], + api: dict[str, Any], api_id: str, event_id: str, method: str, @@ -1158,7 +1158,7 @@ class AlexaSkill(PushEventSource): property_types = {"SkillId": PropertyType(False, IS_STR)} - SkillId: Optional[PassThrough] + SkillId: PassThrough | None @cw_timer(prefix=FUNCTION_EVETSOURCE_METRIC_PREFIX) def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] @@ -1180,7 +1180,7 @@ class IoTRule(PushEventSource): property_types = {"Sql": PropertyType(True, IS_STR), "AwsIotSqlVersion": PropertyType(False, IS_STR)} Sql: PassThrough - AwsIotSqlVersion: Optional[PassThrough] + AwsIotSqlVersion: PassThrough | None @cw_timer(prefix=FUNCTION_EVETSOURCE_METRIC_PREFIX) def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] @@ -1232,7 +1232,7 @@ class Cognito(PushEventSource): } UserPool: Any - Trigger: Union[str, List[str]] + Trigger: Union[str, list[str]] def resources_to_link(self, resources): # type: ignore[no-untyped-def] if isinstance(self.UserPool, dict) and "Ref" in self.UserPool: @@ -1277,7 +1277,7 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] resources.append(CognitoUserPool.from_dict(userpool_id, userpool, userpool_id)) return resources - def _inject_lambda_config(self, function: Any, userpool: Dict[str, Any], userpool_id: str) -> None: + def _inject_lambda_config(self, function: Any, userpool: dict[str, Any], userpool_id: str) -> None: event_triggers = self.Trigger if isinstance(self.Trigger, str): event_triggers = [self.Trigger] @@ -1320,14 +1320,14 @@ class HttpApi(PushEventSource): "PayloadFormatVersion": PropertyType(False, IS_STR), } - Path: Optional[str] - Method: Optional[str] - ApiId: Optional[Union[str, Dict[str, str]]] - Stage: Optional[PassThrough] - Auth: Optional[PassThrough] - TimeoutInMillis: Optional[PassThrough] - RouteSettings: Optional[PassThrough] - PayloadFormatVersion: Optional[PassThrough] + Path: str | None + Method: str | None + ApiId: Union[str, dict[str, str]] | None + Stage: PassThrough | None + Auth: PassThrough | None + TimeoutInMillis: PassThrough | None + RouteSettings: PassThrough | None + PayloadFormatVersion: PassThrough | None @property def _method(self) -> str: @@ -1493,7 +1493,7 @@ def _add_openapi_integration(self, api, api_id, function, manage_swagger=False): api["DefinitionBody"] = editor.openapi def _add_auth_to_openapi_integration( - self, api: Dict[str, Any], api_id: str, editor: OpenApiEditor, auth: Dict[str, Any] + self, api: dict[str, Any], api_id: str, editor: OpenApiEditor, auth: dict[str, Any] ) -> None: """Adds authorization to the lambda integration :param api: api object diff --git a/samtranslator/model/eventsources/scheduler.py b/samtranslator/model/eventsources/scheduler.py index ff5d72ece4..220006bc40 100644 --- a/samtranslator/model/eventsources/scheduler.py +++ b/samtranslator/model/eventsources/scheduler.py @@ -1,5 +1,5 @@ from enum import Enum, auto -from typing import Any, Dict, List, Optional, Tuple, Union, cast +from typing import Any, Union, cast from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model import Property, PropertyType, Resource, ResourceMacro @@ -54,29 +54,29 @@ class SchedulerEventSource(ResourceMacro): # Below are type hints, must maintain consistent with properties_types # - pass-through to generated IAM role - PermissionsBoundary: Optional[str] + PermissionsBoundary: str | None # - pass-through to AWS::Scheduler::Schedule ScheduleExpression: str - FlexibleTimeWindow: Optional[Dict[str, Any]] - Name: Optional[PassThrough] - State: Optional[PassThrough] - Description: Optional[PassThrough] - StartDate: Optional[PassThrough] - EndDate: Optional[PassThrough] - ScheduleExpressionTimezone: Optional[PassThrough] - GroupName: Optional[PassThrough] - KmsKeyArn: Optional[PassThrough] + FlexibleTimeWindow: dict[str, Any] | None + Name: PassThrough | None + State: PassThrough | None + Description: PassThrough | None + StartDate: PassThrough | None + EndDate: PassThrough | None + ScheduleExpressionTimezone: PassThrough | None + GroupName: PassThrough | None + KmsKeyArn: PassThrough | None # - pass-through to AWS::Scheduler::Schedule's Target - Input: Optional[PassThrough] - RoleArn: Optional[PassThrough] - DeadLetterConfig: Optional[Dict[str, Any]] - RetryPolicy: Optional[PassThrough] - OmitName: Optional[bool] + Input: PassThrough | None + RoleArn: PassThrough | None + DeadLetterConfig: dict[str, Any] | None + RetryPolicy: PassThrough | None + OmitName: bool | None DEFAULT_FLEXIBLE_TIME_WINDOW = {"Mode": "OFF"} @cw_timer(prefix=FUNCTION_EVETSOURCE_METRIC_PREFIX) - def to_cloudformation(self, **kwargs: Dict[str, Any]) -> List[Resource]: + def to_cloudformation(self, **kwargs: dict[str, Any]) -> list[Resource]: """Returns the Scheduler Schedule and an IAM role. :param dict kwargs: no existing resources need to be modified @@ -102,12 +102,12 @@ def to_cloudformation(self, **kwargs: Dict[str, Any]) -> List[Resource]: passthrough_resource_attributes = target.get_passthrough_resource_attributes() - resources: List[Resource] = [] + resources: list[Resource] = [] scheduler_schedule = self._construct_scheduler_schedule_without_target(passthrough_resource_attributes) resources.append(scheduler_schedule) - dlq_queue_arn: Optional[str] = None + dlq_queue_arn: str | None = None if self.DeadLetterConfig is not None: # The dql config spec is the same as normal "Schedule" event, # so continue to use EventBridgeRuleUtils for validation. @@ -119,7 +119,7 @@ def to_cloudformation(self, **kwargs: Dict[str, Any]) -> List[Resource]: ) resources.extend(dlq_resources) - execution_role_arn: Union[str, Dict[str, Any]] = self.RoleArn # type: ignore[assignment] + execution_role_arn: Union[str, dict[str, Any]] = self.RoleArn # type: ignore[assignment] if not execution_role_arn: execution_role = self._construct_execution_role( target, target_type, passthrough_resource_attributes, dlq_queue_arn, self.PermissionsBoundary @@ -132,7 +132,7 @@ def to_cloudformation(self, **kwargs: Dict[str, Any]) -> List[Resource]: return resources def _construct_scheduler_schedule_without_target( - self, passthrough_resource_attributes: Dict[str, Any] + self, passthrough_resource_attributes: dict[str, Any] ) -> SchedulerSchedule: scheduler_schedule = SchedulerSchedule(self.logical_id, attributes=passthrough_resource_attributes) scheduler_schedule.ScheduleExpression = self.ScheduleExpression @@ -167,9 +167,9 @@ def _construct_execution_role( self, target: Resource, target_type: _SchedulerScheduleTargetType, - passthrough_resource_attributes: Dict[str, Any], - dlq_queue_arn: Optional[str], - permissions_boundary: Optional[str], + passthrough_resource_attributes: dict[str, Any], + dlq_queue_arn: str | None, + permissions_boundary: str | None, ) -> IAMRole: """Constructs the execution role for Scheduler Schedule.""" if target_type == _SchedulerScheduleTargetType.FUNCTION: @@ -195,8 +195,8 @@ def _construct_execution_role( return execution_role def _construct_scheduler_schedule_target( - self, target: Resource, execution_role_arn: Union[str, Dict[str, Any]], dead_letter_queue_arn: Optional[Any] - ) -> Dict[str, Any]: + self, target: Resource, execution_role_arn: Union[str, dict[str, Any]], dead_letter_queue_arn: Any | None + ) -> dict[str, Any]: """Constructs the Target property for the Scheduler Schedule. :returns: the Target property @@ -204,7 +204,7 @@ def _construct_scheduler_schedule_target( Inspired by https://github.com/aws/serverless-application-model/blob/a25933379e1cad3d0df4b35729ee2ec335402fdf/samtranslator/model/eventsources/push.py#L157 """ - target_dict: Dict[str, Any] = { + target_dict: dict[str, Any] = { "Arn": target.get_runtime_attr("arn"), "RoleArn": execution_role_arn, } @@ -220,8 +220,8 @@ def _construct_scheduler_schedule_target( return target_dict def _get_dlq_queue_arn_and_resources( - self, dlq_config: Dict[str, Any], passthrough_resource_attributes: Optional[Dict[str, Any]] - ) -> Tuple[Any, List[Resource]]: + self, dlq_config: dict[str, Any], passthrough_resource_attributes: dict[str, Any] | None + ) -> tuple[Any, list[Resource]]: """ Returns dlq queue arn and dlq_resources, assuming self.DeadLetterConfig has been validated. @@ -236,7 +236,7 @@ def _get_dlq_queue_arn_and_resources( self.logical_id, "QueueLogicalId must be a string", ) - dlq_resources: List[Resource] = [] + dlq_resources: list[Resource] = [] queue = SQSQueue(queue_logical_id or self.logical_id + "Queue", attributes=passthrough_resource_attributes) dlq_resources.append(queue) diff --git a/samtranslator/model/exceptions.py b/samtranslator/model/exceptions.py index a14a47f507..ad0603f382 100644 --- a/samtranslator/model/exceptions.py +++ b/samtranslator/model/exceptions.py @@ -1,7 +1,8 @@ from abc import ABC, abstractmethod from collections import defaultdict +from collections.abc import Sequence from enum import Enum -from typing import Any, Dict, List, Optional, Sequence, Union +from typing import Any, Union class ExpectedType(Enum): @@ -19,7 +20,7 @@ def message(self) -> str: """Return the exception message.""" @property - def metadata(self) -> Optional[Dict[str, Any]]: + def metadata(self) -> dict[str, Any] | None: """Return the exception metadata.""" @@ -43,7 +44,7 @@ def message(self) -> str: return f"Invalid Serverless Application Specification document. Number of errors found: {len(self.causes)}." @property - def metadata(self) -> Dict[str, List[Any]]: + def metadata(self) -> dict[str, list[Any]]: # Merge metadata in each exception to one single metadata dictionary metadata_dict = defaultdict(list) for cause in self.causes: @@ -100,9 +101,7 @@ class InvalidResourceException(ExceptionWithMessage): message -- explanation of the error """ - def __init__( - self, logical_id: Union[str, List[str]], message: str, metadata: Optional[Dict[str, Any]] = None - ) -> None: + def __init__(self, logical_id: Union[str, list[str]], message: str, metadata: dict[str, Any] | None = None) -> None: self._logical_id = logical_id self._message = message self._metadata = metadata @@ -115,7 +114,7 @@ def message(self) -> str: return f"Resource with id [{self._logical_id}] is invalid. {self._message}" @property - def metadata(self) -> Optional[Dict[str, Any]]: + def metadata(self) -> dict[str, Any] | None: return self._metadata @@ -124,8 +123,8 @@ def __init__( self, logical_id: str, key_path: str, - expected_type: Optional[ExpectedType], - message: Optional[str] = None, + expected_type: ExpectedType | None, + message: str | None = None, ) -> None: message = message or self._default_message(key_path, expected_type) super().__init__(logical_id, message) @@ -139,7 +138,7 @@ def __repr__(self) -> str: return self.message @staticmethod - def _default_message(key_path: str, expected_type: Optional[ExpectedType]) -> str: + def _default_message(key_path: str, expected_type: ExpectedType | None) -> str: if expected_type: type_description, _ = expected_type.value return f"Property '{key_path}' should be a {type_description}." @@ -151,14 +150,14 @@ def __init__( self, logical_id: str, key_path: str, - expected_type: Optional[ExpectedType], - message: Optional[str] = None, + expected_type: ExpectedType | None, + message: str | None = None, ) -> None: message = message or self._default_message(logical_id, key_path, expected_type) super().__init__(logical_id, message) @staticmethod - def _default_message(logical_id: str, key_path: str, expected_type: Optional[ExpectedType]) -> str: + def _default_message(logical_id: str, key_path: str, expected_type: ExpectedType | None) -> str: if expected_type: type_description, _ = expected_type.value return f"Attribute '{key_path}' should be a {type_description}." @@ -175,7 +174,7 @@ class InvalidEventException(ExceptionWithMessage): # Note: event_id should not be None, but currently there are too many # usage of this class with `event_id` being Optional. # TODO: refactor the code to make type correct. - def __init__(self, event_id: Optional[str], message: str) -> None: + def __init__(self, event_id: str | None, message: str) -> None: self._event_id = event_id self._message = message @@ -194,5 +193,5 @@ def prepend(exception, message, end=": "): # type: ignore[no-untyped-def] :returns: the exception """ exception.args = exception.args or ("",) - exception.args = (message + end + exception.args[0],) + exception.args[1:] + exception.args = (message + end + exception.args[0], *exception.args[1:]) return exception diff --git a/samtranslator/model/iam.py b/samtranslator/model/iam.py index 62681a97a3..8506e7b327 100644 --- a/samtranslator/model/iam.py +++ b/samtranslator/model/iam.py @@ -1,4 +1,4 @@ -from typing import Any, Dict +from typing import Any from samtranslator.model import GeneratedProperty, Resource from samtranslator.model.intrinsics import fnGetAtt, ref @@ -43,7 +43,7 @@ class IAMManagedPolicy(Resource): class IAMRolePolicies: @classmethod - def construct_assume_role_policy_for_service_principal(cls, service_principal: str) -> Dict[str, Any]: + def construct_assume_role_policy_for_service_principal(cls, service_principal: str) -> dict[str, Any]: return { "Version": "2012-10-17", "Statement": [ @@ -65,7 +65,7 @@ def step_functions_start_execution_role_policy(cls, state_machine_arn, logical_i } @classmethod - def stepfunctions_assume_role_policy(cls) -> Dict[str, Any]: + def stepfunctions_assume_role_policy(cls) -> dict[str, Any]: return { "Version": "2012-10-17", "Statement": [ @@ -78,7 +78,7 @@ def stepfunctions_assume_role_policy(cls) -> Dict[str, Any]: } @classmethod - def cloud_watch_log_assume_role_policy(cls) -> Dict[str, Any]: + def cloud_watch_log_assume_role_policy(cls) -> dict[str, Any]: return { "Version": "2012-10-17", "Statement": [ @@ -91,7 +91,7 @@ def cloud_watch_log_assume_role_policy(cls) -> Dict[str, Any]: } @classmethod - def scheduler_assume_role_policy(cls) -> Dict[str, Any]: + def scheduler_assume_role_policy(cls) -> dict[str, Any]: return { "Version": "2012-10-17", "Statement": [ @@ -100,7 +100,7 @@ def scheduler_assume_role_policy(cls) -> Dict[str, Any]: } @classmethod - def lambda_assume_role_policy(cls) -> Dict[str, Any]: + def lambda_assume_role_policy(cls) -> dict[str, Any]: return { "Version": "2012-10-17", "Statement": [ @@ -109,10 +109,10 @@ def lambda_assume_role_policy(cls) -> Dict[str, Any]: } @classmethod - def dead_letter_queue_policy(cls, action: Any, resource: Any) -> Dict[str, Any]: + def dead_letter_queue_policy(cls, action: Any, resource: Any) -> dict[str, Any]: """Return the DeadLetterQueue Policy to be added to the LambdaRole :returns: Policy for the DeadLetterQueue - :rtype: Dict + :rtype: dict """ return { "PolicyName": "DeadLetterQueuePolicy", @@ -123,21 +123,21 @@ def dead_letter_queue_policy(cls, action: Any, resource: Any) -> Dict[str, Any]: } @classmethod - def sqs_send_message_role_policy(cls, queue_arn: Any, logical_id: str) -> Dict[str, Any]: + def sqs_send_message_role_policy(cls, queue_arn: Any, logical_id: str) -> dict[str, Any]: return { "PolicyName": logical_id + "SQSPolicy", "PolicyDocument": {"Statement": [{"Action": "sqs:SendMessage", "Effect": "Allow", "Resource": queue_arn}]}, } @classmethod - def sns_publish_role_policy(cls, topic_arn: Any, logical_id: str) -> Dict[str, Any]: + def sns_publish_role_policy(cls, topic_arn: Any, logical_id: str) -> dict[str, Any]: return { "PolicyName": logical_id + "SNSPolicy", "PolicyDocument": {"Statement": [{"Action": "sns:publish", "Effect": "Allow", "Resource": topic_arn}]}, } @classmethod - def s3_send_event_payload_role_policy(cls, s3_arn: Any, logical_id: str) -> Dict[str, Any]: + def s3_send_event_payload_role_policy(cls, s3_arn: Any, logical_id: str) -> dict[str, Any]: s3_arn_with_wild_card = {"Fn::Join": ["/", [s3_arn, "*"]]} return { "PolicyName": logical_id + "S3Policy", @@ -150,7 +150,7 @@ def s3_send_event_payload_role_policy(cls, s3_arn: Any, logical_id: str) -> Dict } @classmethod - def event_bus_put_events_role_policy(cls, event_bus_arn: Any, logical_id: str) -> Dict[str, Any]: + def event_bus_put_events_role_policy(cls, event_bus_arn: Any, logical_id: str) -> dict[str, Any]: return { "PolicyName": logical_id + "EventBridgePolicy", "PolicyDocument": { @@ -159,7 +159,7 @@ def event_bus_put_events_role_policy(cls, event_bus_arn: Any, logical_id: str) - } @classmethod - def lambda_invoke_function_role_policy(cls, function_arn: Any, logical_id: str) -> Dict[str, Any]: + def lambda_invoke_function_role_policy(cls, function_arn: Any, logical_id: str) -> dict[str, Any]: return { "PolicyName": logical_id + "LambdaPolicy", "PolicyDocument": { diff --git a/samtranslator/model/intrinsics.py b/samtranslator/model/intrinsics.py index db955994cb..4512ec28c4 100644 --- a/samtranslator/model/intrinsics.py +++ b/samtranslator/model/intrinsics.py @@ -1,47 +1,48 @@ -from typing import Any, Dict, Iterable, List, Optional, Union +from collections.abc import Iterable +from typing import Any, Union MIN_NUM_CONDITIONS_TO_COMBINE = 2 _NUM_ARGUMENTS_REQUIRED_IN_IF = 3 _NUM_ARGUMENTS_REQUIRED_IN_GETATT = 2 -def fnGetAtt(logical_name: str, attribute_name: str) -> Dict[str, List[str]]: +def fnGetAtt(logical_name: str, attribute_name: str) -> dict[str, list[str]]: return {"Fn::GetAtt": [logical_name, attribute_name]} -def ref(logical_name: str) -> Dict[str, str]: +def ref(logical_name: str) -> dict[str, str]: return {"Ref": logical_name} -def fnJoin(delimiter: str, values: List[str]) -> Dict[str, List[Any]]: +def fnJoin(delimiter: str, values: list[str]) -> dict[str, list[Any]]: return {"Fn::Join": [delimiter, values]} -def fnSub(string: str, variables: Optional[Dict[str, Any]] = None) -> Dict[str, Union[str, List[Any]]]: +def fnSub(string: str, variables: dict[str, Any] | None = None) -> dict[str, Union[str, list[Any]]]: if variables: return {"Fn::Sub": [string, variables]} return {"Fn::Sub": string} -def fnOr(argument_list: List[Any]) -> Dict[str, List[Any]]: +def fnOr(argument_list: list[Any]) -> dict[str, list[Any]]: return {"Fn::Or": argument_list} -def fnAnd(argument_list: List[Any]) -> Dict[str, List[Any]]: +def fnAnd(argument_list: list[Any]) -> dict[str, list[Any]]: return {"Fn::And": argument_list} -def make_conditional(condition: str, true_data: Any, false_data: Optional[Any] = None) -> Dict[str, List[Any]]: +def make_conditional(condition: str, true_data: Any, false_data: Any | None = None) -> dict[str, list[Any]]: if false_data is None: false_data = {"Ref": "AWS::NoValue"} return {"Fn::If": [condition, true_data, false_data]} -def make_not_conditional(condition: str) -> Dict[str, List[Dict[str, str]]]: +def make_not_conditional(condition: str) -> dict[str, list[dict[str, str]]]: return {"Fn::Not": [{"Condition": condition}]} -def make_condition_or_list(conditions_list: Iterable[Any]) -> List[Dict[str, Any]]: +def make_condition_or_list(conditions_list: Iterable[Any]) -> list[dict[str, Any]]: condition_or_list = [] for condition in conditions_list: c = {"Condition": condition} @@ -49,12 +50,12 @@ def make_condition_or_list(conditions_list: Iterable[Any]) -> List[Dict[str, Any return condition_or_list -def make_or_condition(conditions_list: Iterable[Any]) -> Dict[str, List[Dict[str, Any]]]: +def make_or_condition(conditions_list: Iterable[Any]) -> dict[str, list[dict[str, Any]]]: or_list = make_condition_or_list(conditions_list) return fnOr(or_list) -def make_and_condition(conditions_list: Iterable[Any]) -> Dict[str, List[Dict[str, Any]]]: +def make_and_condition(conditions_list: Iterable[Any]) -> dict[str, list[dict[str, Any]]]: and_list = make_condition_or_list(conditions_list) return fnAnd(and_list) @@ -78,8 +79,8 @@ def calculate_number_of_conditions(conditions_length: int, max_conditions: int) def make_combined_condition( - conditions_list: List[str], condition_name: str -) -> Optional[Dict[str, Dict[str, List[Dict[str, Any]]]]]: + conditions_list: list[str], condition_name: str +) -> dict[str, dict[str, list[dict[str, Any]]]] | None: """ Makes a combined condition using Fn::Or. Since Fn::Or only accepts up to 10 conditions, this method optionally creates multiple conditions. These conditions are named based on @@ -115,7 +116,7 @@ def make_combined_condition( return conditions -def make_shorthand(intrinsic_dict: Dict[str, Any]) -> str: +def make_shorthand(intrinsic_dict: dict[str, Any]) -> str: """ Converts a given intrinsics dictionary into a short-hand notation that Fn::Sub can use. Only Ref and Fn::GetAtt support shorthands. @@ -147,7 +148,7 @@ def is_intrinsic(_input: Any) -> bool: if _input is not None and isinstance(_input, dict) and len(_input) == 1: key: str = next(iter(_input.keys())) - return key == "Ref" or key == "Condition" or key.startswith("Fn::") + return key in {"Ref", "Condition"} or key.startswith("Fn::") return False @@ -202,7 +203,7 @@ def is_intrinsic_no_value(_input: Any) -> bool: return key == "Ref" and _input["Ref"] == "AWS::NoValue" -def get_logical_id_from_intrinsic(_input: Any) -> Optional[str]: +def get_logical_id_from_intrinsic(_input: Any) -> str | None: """ Verify if input is an Fn:GetAtt or Ref intrinsic diff --git a/samtranslator/model/lambda_.py b/samtranslator/model/lambda_.py index 11dfae55a9..f5e4f2cc88 100644 --- a/samtranslator/model/lambda_.py +++ b/samtranslator/model/lambda_.py @@ -1,4 +1,4 @@ -from typing import Any, Dict, List, Optional, Union +from typing import Any, Union from samtranslator.model import GeneratedProperty, Resource from samtranslator.model.intrinsics import fnGetAtt, ref @@ -43,37 +43,37 @@ class LambdaFunction(Resource): "DurableConfig": GeneratedProperty(), } - Code: Dict[str, Any] - PackageType: Optional[str] - DeadLetterConfig: Optional[Dict[str, Any]] - Description: Optional[Intrinsicable[str]] - FunctionName: Optional[Intrinsicable[str]] - Handler: Optional[str] - MemorySize: Optional[Intrinsicable[int]] - Role: Optional[Intrinsicable[str]] - Runtime: Optional[str] - Timeout: Optional[Intrinsicable[int]] - VpcConfig: Optional[Dict[str, Any]] - Environment: Optional[Dict[str, Any]] - Tags: Optional[List[Dict[str, Any]]] - TracingConfig: Optional[Dict[str, Any]] - KmsKeyArn: Optional[Intrinsicable[str]] - Layers: Optional[List[Any]] - ReservedConcurrentExecutions: Optional[Any] - FileSystemConfigs: Optional[Dict[str, Any]] - CodeSigningConfigArn: Optional[Intrinsicable[str]] - ImageConfig: Optional[Dict[str, Any]] - Architectures: Optional[List[Any]] - SnapStart: Optional[Dict[str, Any]] - EphemeralStorage: Optional[Dict[str, Any]] - RuntimeManagementConfig: Optional[Dict[str, Any]] - LoggingConfig: Optional[Dict[str, Any]] - RecursiveLoop: Optional[str] - CapacityProviderConfig: Optional[Dict[str, Any]] - FunctionScalingConfig: Optional[Dict[str, Any]] - PublishToLatestPublished: Optional[Dict[str, Any]] - TenancyConfig: Optional[Dict[str, Any]] - DurableConfig: Optional[Dict[str, Any]] + Code: dict[str, Any] + PackageType: str | None + DeadLetterConfig: dict[str, Any] | None + Description: Intrinsicable[str] | None + FunctionName: Intrinsicable[str] | None + Handler: str | None + MemorySize: Intrinsicable[int] | None + Role: Intrinsicable[str] | None + Runtime: str | None + Timeout: Intrinsicable[int] | None + VpcConfig: dict[str, Any] | None + Environment: dict[str, Any] | None + Tags: list[dict[str, Any]] | None + TracingConfig: dict[str, Any] | None + KmsKeyArn: Intrinsicable[str] | None + Layers: list[Any] | None + ReservedConcurrentExecutions: Any | None + FileSystemConfigs: dict[str, Any] | None + CodeSigningConfigArn: Intrinsicable[str] | None + ImageConfig: dict[str, Any] | None + Architectures: list[Any] | None + SnapStart: dict[str, Any] | None + EphemeralStorage: dict[str, Any] | None + RuntimeManagementConfig: dict[str, Any] | None + LoggingConfig: dict[str, Any] | None + RecursiveLoop: str | None + CapacityProviderConfig: dict[str, Any] | None + FunctionScalingConfig: dict[str, Any] | None + PublishToLatestPublished: dict[str, Any] | None + TenancyConfig: dict[str, Any] | None + DurableConfig: dict[str, Any] | None runtime_attrs = {"name": lambda self: ref(self.logical_id), "arn": lambda self: fnGetAtt(self.logical_id, "Arn")} @@ -179,12 +179,12 @@ class LambdaLayerVersion(Resource): "LicenseInfo": GeneratedProperty(), } - Content: Dict[str, Any] - Description: Optional[Intrinsicable[str]] - LayerName: Optional[Intrinsicable[str]] - CompatibleArchitectures: Optional[List[Union[str, Dict[str, Any]]]] - CompatibleRuntimes: Optional[List[Union[str, Dict[str, Any]]]] - LicenseInfo: Optional[Intrinsicable[str]] + Content: dict[str, Any] + Description: Intrinsicable[str] | None + LayerName: Intrinsicable[str] | None + CompatibleArchitectures: list[Union[str, dict[str, Any]]] | None + CompatibleRuntimes: list[Union[str, dict[str, Any]]] | None + LicenseInfo: Intrinsicable[str] | None runtime_attrs = {"name": lambda self: ref(self.logical_id), "arn": lambda self: fnGetAtt(self.logical_id, "Arn")} diff --git a/samtranslator/model/preferences/deployment_preference_collection.py b/samtranslator/model/preferences/deployment_preference_collection.py index ead06abe9b..2387e3950e 100644 --- a/samtranslator/model/preferences/deployment_preference_collection.py +++ b/samtranslator/model/preferences/deployment_preference_collection.py @@ -1,5 +1,5 @@ import copy -from typing import Any, Dict, List, Optional, Union, cast +from typing import Any, Union, cast from samtranslator.model.codedeploy import CodeDeployApplication, CodeDeployDeploymentGroup from samtranslator.model.exceptions import InvalidResourceException @@ -51,15 +51,15 @@ def __init__(self) -> None: This collection stores an internal dict of the deployment preferences for each function's deployment preference in the SAM Template. """ - self._resource_preferences: Dict[str, Any] = {} + self._resource_preferences: dict[str, Any] = {} def add( self, logical_id: str, - deployment_preference_dict: Dict[str, Any], - condition: Optional[str] = None, - tags: Optional[Dict[str, Any]] = None, - propagate_tags: Optional[bool] = False, + deployment_preference_dict: dict[str, Any], + condition: str | None = None, + tags: dict[str, Any] | None = None, + propagate_tags: bool | None = False, ) -> None: """ Add this deployment preference to the collection @@ -100,7 +100,7 @@ def can_skip_service_role(self) -> bool: """ return all(preference.role or not preference.enabled for preference in self._resource_preferences.values()) - def needs_resource_condition(self) -> Union[Dict[str, Any], bool]: + def needs_resource_condition(self) -> Union[dict[str, Any], bool]: """ If all preferences have a condition, all code deploy resources need to be conditionally created :return: True, if a condition needs to be created @@ -110,10 +110,10 @@ def needs_resource_condition(self) -> Union[Dict[str, Any], bool]: not preference.condition and preference.enabled for preference in self._resource_preferences.values() ) - def get_all_deployment_conditions(self) -> List[str]: + def get_all_deployment_conditions(self) -> list[str]: """ Returns a list of all conditions associated with the deployment preference resources - :return: List of condition names + :return: list of condition names """ conditions_set = {preference.condition for preference in self._resource_preferences.values()} if None in conditions_set: @@ -121,14 +121,14 @@ def get_all_deployment_conditions(self) -> List[str]: conditions_set.remove(None) return list(conditions_set) - def create_aggregate_deployment_condition(self) -> Union[None, Dict[str, Dict[str, List[Dict[str, Any]]]]]: + def create_aggregate_deployment_condition(self) -> Union[None, dict[str, dict[str, list[dict[str, Any]]]]]: """ Creates an aggregate deployment condition if necessary :return: None if <2 conditions are found, otherwise a dictionary of new conditions to add to template """ return make_combined_condition(self.get_all_deployment_conditions(), CODE_DEPLOY_CONDITION_NAME) - def enabled_logical_ids(self) -> List[str]: + def enabled_logical_ids(self) -> list[str]: """ :return: only the logical id's for the deployment preferences in this collection which are enabled """ @@ -138,7 +138,7 @@ def get_codedeploy_application(self) -> CodeDeployApplication: codedeploy_application_resource = CodeDeployApplication(CODEDEPLOY_APPLICATION_LOGICAL_ID) codedeploy_application_resource.ComputePlatform = "Lambda" - merged_tags: Dict[str, Any] = {} + merged_tags: dict[str, Any] = {} for preference in self._resource_preferences.values(): if preference.enabled and preference.propagate_tags and preference.tags: merged_tags.update(preference.tags) @@ -183,7 +183,7 @@ def get_codedeploy_iam_role(self) -> IAMRole: condition_name = conditions.pop() iam_role.set_resource_attribute("Condition", condition_name) - merged_tags: Dict[str, Any] = {} + merged_tags: dict[str, Any] = {} for preference in self._resource_preferences.values(): if preference.enabled and preference.propagate_tags and preference.tags: merged_tags.update(preference.tags) diff --git a/samtranslator/model/resource_policies.py b/samtranslator/model/resource_policies.py index a62a960799..ce139f3062 100644 --- a/samtranslator/model/resource_policies.py +++ b/samtranslator/model/resource_policies.py @@ -1,6 +1,6 @@ from collections import namedtuple from enum import Enum -from typing import Any, Dict, List +from typing import Any from samtranslator.model.exceptions import InvalidTemplateException from samtranslator.model.intrinsics import ( @@ -29,7 +29,7 @@ class ResourcePolicies: POLICIES_PROPERTY_NAME = "Policies" - def __init__(self, resource_properties: Dict[str, Any], policy_template_processor: Any = None) -> None: + def __init__(self, resource_properties: dict[str, Any], policy_template_processor: Any = None) -> None: """ Initialize with policies data from resource's properties @@ -56,7 +56,7 @@ def get(self): # type: ignore[no-untyped-def] def __len__(self): # type: ignore[no-untyped-def] return len(self.policies) - def _get_policies(self, resource_properties: Dict[str, Any]) -> List[Any]: + def _get_policies(self, resource_properties: dict[str, Any]) -> list[Any]: """ Returns a list of policies from the resource properties. This method knows how to interpret and handle polymorphic nature of the policies property. @@ -64,16 +64,16 @@ def _get_policies(self, resource_properties: Dict[str, Any]) -> List[Any]: Policies can be one of the following: * Managed policy name: string - * List of managed policy names: list of strings + * list of managed policy names: list of strings * IAM Policy document: dict containing Statement key - * List of IAM Policy documents: list of IAM Policy Document + * list of IAM Policy documents: list of IAM Policy Document * Policy Template: dict with only one key where key is in list of supported policy template names - * List of Policy Templates: list of Policy Template + * list of Policy Templates: list of Policy Template :param dict resource_properties: Dictionary of resource properties containing the policies property. It is assumed that this is already a dictionary and contains policies key. - :return list of PolicyEntry: List of policies, where each item is an instance of named tuple `PolicyEntry` + :return list of PolicyEntry: list of policies, where each item is an instance of named tuple `PolicyEntry` """ policies = None diff --git a/samtranslator/model/role_utils/role_constructor.py b/samtranslator/model/role_utils/role_constructor.py index 825bd55b3f..40fc1bc493 100644 --- a/samtranslator/model/role_utils/role_constructor.py +++ b/samtranslator/model/role_utils/role_constructor.py @@ -1,4 +1,5 @@ -from typing import Any, Callable, Dict, List, Optional +from collections.abc import Callable +from typing import Any from samtranslator.internal.managed_policies import get_bundled_managed_policy_map from samtranslator.internal.types import GetManagedPolicyMap @@ -11,8 +12,8 @@ def _get_managed_policy_arn( name: str, - managed_policy_map: Optional[Dict[str, str]], - get_managed_policy_map: Optional[GetManagedPolicyMap], + managed_policy_map: dict[str, str] | None, + get_managed_policy_map: GetManagedPolicyMap | None, ) -> str: """ Get the ARN of a AWS managed policy name. Used in Policies property of @@ -61,20 +62,20 @@ def _get_managed_policy_arn( def _convert_intrinsic_if_values( - intrinsic_if: Dict[str, List[Any]], is_convertible: Callable[[Any], Any], convert: Callable[[Any], Any] -) -> Dict[str, List[Any]]: + intrinsic_if: dict[str, list[Any]], is_convertible: Callable[[Any], Any], convert: Callable[[Any], Any] +) -> dict[str, list[Any]]: """ Convert the true and false value of the intrinsic if function according to `convert` function. :param intrinsic_if: A dict of the form {"Fn::If": [condition, value_if_true, value_if_false]} - :type intrinsic_if: Dict[str, List[Any]] + :type intrinsic_if: dict[str, list[Any]] :param is_convertible: The function used to decide if the value must be converted :type convert: Callable[[Any], Any] :param convert: The function used to make the conversion :type convert: Callable[[Any], Any] :return: The input dict with values converted - :rtype: Dict[str, List[Any]] + :rtype: dict[str, list[Any]] """ value_if_true = intrinsic_if["Fn::If"][1] value_if_false = intrinsic_if["Fn::If"][2] @@ -108,8 +109,8 @@ def construct_role_for_resource( # type: ignore[no-untyped-def] # noqa: PLR0913 :param managed_policy_map: Map of managed policy names to the ARNs :param assume_role_policy_document: The trust policy that must be associated with the role :param resource_policies: ResourcePolicies object encapuslating the policies property of SAM resource - :param managed_policy_arns: List of managed policy ARNs to be associated with the role - :param policy_documents: List of policy documents to be associated with the role + :param managed_policy_arns: list of managed policy ARNs to be associated with the role + :param policy_documents: list of policy documents to be associated with the role :param role_path: The path to the role :param permissions_boundary: The ARN of the policy used to set the permissions boundary for the role :param tags: Tags to be associated with the role diff --git a/samtranslator/model/route53.py b/samtranslator/model/route53.py index deab5c5221..61c80cb3fc 100644 --- a/samtranslator/model/route53.py +++ b/samtranslator/model/route53.py @@ -1,4 +1,4 @@ -from typing import Any, List, Optional +from typing import Any from samtranslator.model import GeneratedProperty, Resource from samtranslator.utils.types import Intrinsicable @@ -12,6 +12,6 @@ class Route53RecordSetGroup(Resource): "RecordSets": GeneratedProperty(), } - HostedZoneId: Optional[Intrinsicable[str]] - HostedZoneName: Optional[Intrinsicable[str]] - RecordSets: Optional[List[Any]] + HostedZoneId: Intrinsicable[str] | None + HostedZoneName: Intrinsicable[str] | None + RecordSets: list[Any] | None diff --git a/samtranslator/model/s3_utils/uri_parser.py b/samtranslator/model/s3_utils/uri_parser.py index 5985bdbe1f..44617999c7 100644 --- a/samtranslator/model/s3_utils/uri_parser.py +++ b/samtranslator/model/s3_utils/uri_parser.py @@ -1,11 +1,11 @@ from re import search -from typing import Any, Dict, Optional, Union +from typing import Any, Union from urllib.parse import parse_qs, urlparse from samtranslator.model.exceptions import InvalidResourceException -def parse_s3_uri(uri: Any) -> Optional[Dict[str, Any]]: +def parse_s3_uri(uri: Any) -> dict[str, Any] | None: """Parses a S3 Uri into a dictionary of the Bucket, Key, and VersionId :return: a BodyS3Location dict or None if not an S3 Uri @@ -14,7 +14,17 @@ def parse_s3_uri(uri: Any) -> Optional[Dict[str, Any]]: if not isinstance(uri, str): return None - url = urlparse(uri) + try: + url = urlparse(uri) + except ValueError: + # Python's urllib validates bracketed host segments ("[...]") against + # RFC 3986 IPv6/IPv4 grammars since the CVE-2024-11168 fix. Unresolved + # CDK tokens (for example "s3://[TOKEN.25]/key") or other malformed + # URIs therefore raise ValueError here. Treating the input as "not a + # valid S3 URI" lets the caller raise the existing, user-friendly + # InvalidResourceException with the resource logical id and property + # name, instead of surfacing an opaque "Internal transform failure". + return None query = parse_qs(url.query) if url.scheme == "s3" and url.netloc and url.path: @@ -65,8 +75,8 @@ def construct_image_code_object(image_uri, logical_id, property_name): # type: def construct_s3_location_object( - location_uri: Union[str, Dict[str, Any]], logical_id: str, property_name: str -) -> Dict[str, Any]: + location_uri: Union[str, dict[str, Any]], logical_id: str, property_name: str +) -> dict[str, Any]: """Constructs a Lambda `Code` or `Content` property, from the SAM `CodeUri` or `ContentUri` property. This follows the current scheme for Lambda Functions and LayerVersions. diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py index 5c197cd4dc..0a3a9ba298 100644 --- a/samtranslator/model/sam_resources.py +++ b/samtranslator/model/sam_resources.py @@ -2,10 +2,9 @@ import copy import re -import sys +from collections.abc import Callable from contextlib import suppress -from types import ModuleType -from typing import Any, Callable, Dict, List, Literal, Optional, Tuple, Union, cast +from typing import Any, Literal, Union, cast import samtranslator.model.eventsources import samtranslator.model.eventsources.cloudwatchlogs @@ -36,19 +35,11 @@ SyncConfigType, UserPoolConfigType, ) - -# Pydantic 1 doesn't support Python 3.14 so these imports will fail until we migrate to v2 -try: - from samtranslator.internal.schema_source import ( - aws_serverless_capacity_provider, - aws_serverless_function, - aws_serverless_graphqlapi, - ) -except RuntimeError: # Pydantic fails when initializing the model classes with a RuntimeError in 3.14 - aws_serverless_capacity_provider = cast(ModuleType, None) - aws_serverless_function = cast(ModuleType, None) - aws_serverless_graphqlapi = cast(ModuleType, None) - +from samtranslator.internal.schema_source import ( + aws_serverless_capacity_provider, + aws_serverless_function, + aws_serverless_graphqlapi, +) from samtranslator.internal.schema_source.common import PermissionsType, SamIntrinsicable from samtranslator.internal.types import GetManagedPolicyMap from samtranslator.internal.utils.utils import passthrough_value, remove_none_values @@ -111,6 +102,7 @@ make_conditional, make_not_conditional, ref, + validate_intrinsic_if_items, ) from samtranslator.model.lambda_ import ( LAMBDA_TRACING_CONFIG_DISABLED, @@ -157,14 +149,6 @@ _CONDITION_CHAR_LIMIT = 255 -# Utility function to throw an error when using functionality that doesn't work in Python 3.14 (need migration to Pydantic v2) -def check_python_314_compatibility(module: Optional[ModuleType], functionality: str) -> None: - if sys.version_info >= (3, 14) and module is None: - raise RuntimeError( - f"{functionality} functionalities are temporarily not supported when running SAM in Python 3.14" - ) - - class SamFunction(SamResourceMacro): """SAM function macro.""" @@ -223,54 +207,54 @@ class SamFunction(SamResourceMacro): "DurableConfig": PropertyType(False, IS_DICT), } - FunctionName: Optional[Intrinsicable[str]] - Handler: Optional[str] - Runtime: Optional[str] - CodeUri: Optional[Any] - ImageUri: Optional[str] - PackageType: Optional[str] - InlineCode: Optional[Any] - DeadLetterQueue: Optional[Dict[str, Any]] - Description: Optional[Intrinsicable[str]] - MemorySize: Optional[Intrinsicable[int]] - Timeout: Optional[Intrinsicable[int]] - VpcConfig: Optional[Dict[str, Any]] - Role: Optional[Intrinsicable[str]] - AssumeRolePolicyDocument: Optional[Dict[str, Any]] - Policies: Optional[List[Any]] - RolePath: Optional[PassThrough] - PermissionsBoundary: Optional[Intrinsicable[str]] - Environment: Optional[Dict[str, Any]] - Events: Optional[Dict[str, Any]] - Tags: Optional[Dict[str, Any]] - PropagateTags: Optional[bool] - Tracing: Optional[Intrinsicable[str]] - KmsKeyArn: Optional[Intrinsicable[str]] - DeploymentPreference: Optional[Dict[str, Any]] - ReservedConcurrentExecutions: Optional[Any] - Layers: Optional[List[Any]] - EventInvokeConfig: Optional[Dict[str, Any]] - EphemeralStorage: Optional[Dict[str, Any]] - AutoPublishAlias: Optional[Intrinsicable[str]] - AutoPublishCodeSha256: Optional[Intrinsicable[str]] - AutoPublishAliasAllProperties: Optional[bool] - VersionDescription: Optional[Intrinsicable[str]] - ProvisionedConcurrencyConfig: Optional[Dict[str, Any]] - FileSystemConfigs: Optional[Dict[str, Any]] - ImageConfig: Optional[Dict[str, Any]] - CodeSigningConfigArn: Optional[Intrinsicable[str]] - Architectures: Optional[List[Any]] - SnapStart: Optional[Dict[str, Any]] - FunctionUrlConfig: Optional[Dict[str, Any]] - LoggingConfig: Optional[Dict[str, Any]] - RecursiveLoop: Optional[str] - SourceKMSKeyArn: Optional[str] - CapacityProviderConfig: Optional[Dict[str, Any]] - FunctionScalingConfig: Optional[Dict[str, Any]] - PublishToLatestPublished: Optional[PassThrough] - VersionDeletionPolicy: Optional[Intrinsicable[str]] - TenancyConfig: Optional[Dict[str, Any]] - DurableConfig: Optional[Dict[str, Any]] + FunctionName: Intrinsicable[str] | None + Handler: str | None + Runtime: str | None + CodeUri: Any | None + ImageUri: str | None + PackageType: str | None + InlineCode: Any | None + DeadLetterQueue: dict[str, Any] | None + Description: Intrinsicable[str] | None + MemorySize: Intrinsicable[int] | None + Timeout: Intrinsicable[int] | None + VpcConfig: dict[str, Any] | None + Role: Intrinsicable[str] | None + AssumeRolePolicyDocument: dict[str, Any] | None + Policies: list[Any] | None + RolePath: PassThrough | None + PermissionsBoundary: Intrinsicable[str] | None + Environment: dict[str, Any] | None + Events: dict[str, Any] | None + Tags: dict[str, Any] | None + PropagateTags: bool | None + Tracing: Intrinsicable[str] | None + KmsKeyArn: Intrinsicable[str] | None + DeploymentPreference: dict[str, Any] | None + ReservedConcurrentExecutions: Any | None + Layers: list[Any] | None + EventInvokeConfig: dict[str, Any] | None + EphemeralStorage: dict[str, Any] | None + AutoPublishAlias: Intrinsicable[str] | None + AutoPublishCodeSha256: Intrinsicable[str] | None + AutoPublishAliasAllProperties: bool | None + VersionDescription: Intrinsicable[str] | None + ProvisionedConcurrencyConfig: dict[str, Any] | None + FileSystemConfigs: dict[str, Any] | None + ImageConfig: dict[str, Any] | None + CodeSigningConfigArn: Intrinsicable[str] | None + Architectures: list[Any] | None + SnapStart: dict[str, Any] | None + FunctionUrlConfig: dict[str, Any] | None + LoggingConfig: dict[str, Any] | None + RecursiveLoop: str | None + SourceKMSKeyArn: str | None + CapacityProviderConfig: dict[str, Any] | None + FunctionScalingConfig: dict[str, Any] | None + PublishToLatestPublished: PassThrough | None + VersionDeletionPolicy: Intrinsicable[str] | None + TenancyConfig: dict[str, Any] | None + DurableConfig: dict[str, Any] | None event_resolver = ResourceTypeResolver( samtranslator.model.eventsources, @@ -284,7 +268,7 @@ class SamFunction(SamResourceMacro): dead_letter_queue_policy_actions = {"SQS": "sqs:SendMessage", "SNS": "sns:Publish"} # Conditions - conditions: Dict[str, Any] = {} # TODO: Replace `Any` with something more specific + conditions: dict[str, Any] = {} # TODO: Replace `Any` with something more specific # Customers can refer to the following properties of SAM function referable_properties = { @@ -308,7 +292,7 @@ class SamFunction(SamResourceMacro): # (ValidationRule.CONDITIONAL_REQUIREMENT, ["ProvisionedConcurrencyConfig", "AutoPublishAlias"]), ] - def resources_to_link(self, resources: Dict[str, Any]) -> Dict[str, Any]: + def resources_to_link(self, resources: dict[str, Any]) -> dict[str, Any]: try: return {"event_resources": self._event_resources_to_link(resources)} except InvalidEventException as e: @@ -323,10 +307,10 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] # noqa: P :returns: a list of vanilla CloudFormation Resources, to which this Function expands :rtype: list """ - resources: List[Any] = [] + resources: list[Any] = [] intrinsics_resolver: IntrinsicsResolver = kwargs["intrinsics_resolver"] resource_resolver: ResourceResolver = kwargs["resource_resolver"] - mappings_resolver: Optional[IntrinsicsResolver] = kwargs.get("mappings_resolver") + mappings_resolver: IntrinsicsResolver | None = kwargs.get("mappings_resolver") conditions = kwargs.get("conditions", {}) feature_toggle = kwargs.get("feature_toggle") @@ -349,7 +333,7 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] # noqa: P "To set ProvisionedConcurrencyConfig AutoPublishALias must be defined on the function", ) - lambda_alias: Optional[LambdaAlias] = None + lambda_alias: LambdaAlias | None = None alias_name = "" if self.AutoPublishAlias: alias_name = self._get_resolved_alias_name("AutoPublishAlias", self.AutoPublishAlias, intrinsics_resolver) @@ -399,7 +383,7 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] # noqa: P self.get_passthrough_resource_attributes(), feature_toggle, ) - event_invoke_policies: List[Dict[str, Any]] = [] + event_invoke_policies: list[dict[str, Any]] = [] if self.EventInvokeConfig: function_name = lambda_function.logical_id event_invoke_resources, event_invoke_policies = self._construct_event_invoke_config( @@ -451,14 +435,14 @@ def _make_lambda_role( lambda_function: LambdaFunction, intrinsics_resolver: IntrinsicsResolver, execution_role: IAMRole, - ) -> Dict[str, Any]: + ) -> dict[str, Any]: """ Analyzes lambda role requirements and returns the changes needed. Returns: - Dict containing: + dict containing: - 'lambda_role_value': Any - value to set for lambda_function.Role - - 'new_condition': Dict|None - new condition to add to conditions dict + - 'new_condition': dict|None - new condition to add to conditions dict - 'iam_role_resource' : IAMRole - IAM Role used for Lambda execution """ lambda_role = lambda_function.Role @@ -469,7 +453,17 @@ def _make_lambda_role( # We need to create and if else condition here role_resolved_value = intrinsics_resolver.resolve_parameter_refs(lambda_role) - role_condition, role_if, role_else = role_resolved_value.get("Fn::If") + if_items = role_resolved_value.get("Fn::If") + try: + validate_intrinsic_if_items(if_items) + except ValueError as e: + # Surface a user-facing error instead of letting a ValueError propagate + # all the way out of the transform macro as "Internal transform failure". + raise InvalidResourceException( + self.logical_id, + f"Malformed 'Role' property: {e!s}.", + ) from e + role_condition, role_if, role_else = if_items if is_intrinsic_no_value(role_if) and is_intrinsic_no_value(role_else): lambda_role_value = execution_role_arn @@ -494,15 +488,15 @@ def _make_lambda_role( "iam_role_resource": execution_role, } - def _construct_event_invoke_config( # noqa: PLR0913 + def _construct_event_invoke_config( self, function_name: str, alias_name: str, - lambda_alias: Optional[LambdaAlias], + lambda_alias: LambdaAlias | None, intrinsics_resolver: IntrinsicsResolver, conditions: Any, - event_invoke_config: Dict[str, Any], - ) -> Tuple[List[Any], List[Dict[str, Any]]]: + event_invoke_config: dict[str, Any], + ) -> tuple[list[Any], list[dict[str, Any]]]: """ Create a `AWS::Lambda::EventInvokeConfig` based on the input dict `EventInvokeConfig` """ @@ -557,8 +551,8 @@ def _construct_event_invoke_config( # noqa: PLR0913 return resources, policy_document def _validate_and_inject_resource( - self, dest_config: Dict[str, Any], event: str, logical_id: str, conditions: Dict[str, Any] - ) -> Tuple[Optional[Resource], Optional[Any], Dict[str, Any]]: + self, dest_config: dict[str, Any], event: str, logical_id: str, conditions: dict[str, Any] + ) -> tuple[Resource | None, Any | None, dict[str, Any]]: """ For Event Invoke Config, if the user has not specified a destination ARN for SQS/SNS, SAM auto creates a SQS and SNS resource with defaults. Intrinsics are supported in the Destination @@ -567,7 +561,7 @@ def _validate_and_inject_resource( """ accepted_types_list = ["SQS", "SNS", "EventBridge", "Lambda", "S3Bucket"] auto_inject_list = ["SQS", "SNS"] - resource: Optional[Union[SNSTopic, SQSQueue]] = None + resource: Union[SNSTopic, SQSQueue] | None = None policy = {} destination = dest_config.get("Destination") @@ -613,7 +607,7 @@ def _validate_and_inject_resource( return resource, destination, policy - def _make_and_conditions(self, resource_condition: Any, property_condition: Any, conditions: Dict[str, Any]) -> Any: + def _make_and_conditions(self, resource_condition: Any, property_condition: Any, conditions: dict[str, Any]) -> Any: if resource_condition is None: return property_condition @@ -626,7 +620,7 @@ def _make_and_conditions(self, resource_condition: Any, property_condition: Any, return condition_name - def _get_or_make_condition(self, destination: Any, logical_id: str, conditions: Dict[str, Any]) -> Tuple[Any, Any]: + def _get_or_make_condition(self, destination: Any, logical_id: str, conditions: dict[str, Any]) -> tuple[Any, Any]: """ This method checks if there is an If condition on Destination property. Since we auto create SQS and SNS if the destination ARN is not provided, we need to make sure that If condition @@ -644,6 +638,15 @@ def _get_or_make_condition(self, destination: Any, logical_id: str, conditions: return None, None if is_intrinsic_if(destination): dest_list = destination.get("Fn::If") + try: + validate_intrinsic_if_items(dest_list) + except ValueError as e: + # Surface a user-facing error instead of letting an IndexError + # propagate out of the transform macro as "Internal transform failure". + raise InvalidResourceException( + logical_id, + f"Malformed 'Destination' property: {e!s}.", + ) from e if is_intrinsic_no_value(dest_list[1]) and is_intrinsic_no_value(dest_list[2]): return None, None if is_intrinsic_no_value(dest_list[1]): @@ -788,7 +791,7 @@ def _construct_lambda_function(self, intrinsics_resolver: IntrinsicsResolver) -> self._validate_package_type(lambda_function) return lambda_function - def _transform_capacity_provider_config(self) -> Dict[str, Any]: + def _transform_capacity_provider_config(self) -> dict[str, Any]: """ Transform SAM CapacityProviderConfig to CloudFormation format. @@ -810,18 +813,17 @@ def _transform_capacity_provider_config(self) -> Dict[str, Any]: # Validate CapacityProviderConfig using Pydantic model directly for comprehensive error collection try: - check_python_314_compatibility(aws_serverless_function, "Capacity Provider") validated_model = aws_serverless_function.CapacityProviderConfig.parse_obj(self.CapacityProviderConfig) except Exception as e: raise InvalidResourceException(self.logical_id, f"Invalid CapacityProviderConfig: {e!s}") from e # Extract validated properties - cast to Any to handle SamIntrinsicable types - capacity_provider_arn: Optional[SamIntrinsicable[str]] = validated_model.Arn - max_concurrency: Optional[SamIntrinsicable[int]] = validated_model.PerExecutionEnvironmentMaxConcurrency - memory_to_vcpu_ratio: Optional[SamIntrinsicable[float]] = validated_model.ExecutionEnvironmentMemoryGiBPerVCpu + capacity_provider_arn: SamIntrinsicable[str] | None = validated_model.Arn + max_concurrency: SamIntrinsicable[int] | None = validated_model.PerExecutionEnvironmentMaxConcurrency + memory_to_vcpu_ratio: SamIntrinsicable[float] | None = validated_model.ExecutionEnvironmentMemoryGiBPerVCpu # Build the transformed structure - ec2_config: Dict[str, Any] = {"CapacityProviderArn": capacity_provider_arn} + ec2_config: dict[str, Any] = {"CapacityProviderArn": capacity_provider_arn} if max_concurrency is not None: ec2_config["PerExecutionEnvironmentMaxConcurrency"] = max_concurrency @@ -832,8 +834,8 @@ def _transform_capacity_provider_config(self) -> Dict[str, Any]: return {"LambdaManagedInstancesCapacityProviderConfig": ec2_config} def _add_event_invoke_managed_policy( - self, dest_config: Dict[str, Any], logical_id: str, dest_arn: Any - ) -> Dict[str, Any]: + self, dest_config: dict[str, Any], logical_id: str, dest_arn: Any + ) -> dict[str, Any]: if dest_config and dest_config.get("Type"): _type = dest_config.get("Type") if _type == "SQS": @@ -851,10 +853,10 @@ def _add_event_invoke_managed_policy( def _construct_role( self, - managed_policy_map: Dict[str, Any], - event_invoke_policies: List[Dict[str, Any]], + managed_policy_map: dict[str, Any], + event_invoke_policies: list[dict[str, Any]], intrinsics_resolver: IntrinsicsResolver, - get_managed_policy_map: Optional[GetManagedPolicyMap] = None, + get_managed_policy_map: GetManagedPolicyMap | None = None, ) -> IAMRole: """Constructs a Lambda execution role based on this SAM function's Policies property. @@ -960,7 +962,7 @@ def _validate_package_type_image() -> None: # Call appropriate validation function based on the package type. return _validate_per_package_type[packagetype]() - def _validate_dlq(self, dead_letter_queue: Dict[str, Any]) -> None: + def _validate_dlq(self, dead_letter_queue: dict[str, Any]) -> None: """Validates whether the DeadLetterQueue LogicalId is validation :raise: InvalidResourceException """ @@ -979,7 +981,7 @@ def _validate_dlq(self, dead_letter_queue: Dict[str, Any]) -> None: if dlq_type not in self.dead_letter_queue_policy_actions: raise InvalidResourceException(self.logical_id, f"'DeadLetterQueue' requires Type of {valid_dlq_types}") - def _event_resources_to_link(self, resources: Dict[str, Any]) -> Dict[str, Any]: + def _event_resources_to_link(self, resources: dict[str, Any]) -> dict[str, Any]: event_resources = {} if self.Events: for logical_id, event_dict in self.Events.items(): @@ -993,7 +995,7 @@ def _event_resources_to_link(self, resources: Dict[str, Any]) -> Dict[str, Any]: return event_resources @staticmethod - def order_events(event: Tuple[str, Any]) -> Any: + def order_events(event: tuple[str, Any]) -> Any: """ Helper method for sorting Function Events. Returns a key to use in sorting this event @@ -1007,15 +1009,15 @@ def order_events(event: Tuple[str, Any]) -> Any: return logical_id return event_dict.get("Properties", {}).get("Path", logical_id) - def _generate_event_resources( # noqa: PLR0913 + def _generate_event_resources( self, lambda_function: LambdaFunction, - execution_role: Optional[IAMRole], + execution_role: IAMRole | None, event_resources: Any, intrinsics_resolver: IntrinsicsResolver, - lambda_alias: Optional[LambdaAlias] = None, - original_template: Optional[Dict[str, Any]] = None, - ) -> List[Any]: + lambda_alias: LambdaAlias | None = None, + original_template: dict[str, Any] | None = None, + ) -> list[Any]: """Generates and returns the resources associated with this function's events. :param model.lambda_.LambdaFunction lambda_function: generated Lambda function @@ -1053,7 +1055,7 @@ def _generate_event_resources( # noqa: PLR0913 return resources - def _construct_code_dict(self) -> Dict[str, Any]: + def _construct_code_dict(self) -> dict[str, Any]: """Constructs Lambda Code Dictionary based on the accepted SAM artifact properties such as `InlineCode`, `CodeUri` and `ImageUri` and also raises errors if more than one of them is defined. `PackageType` determines which artifacts are considered. @@ -1074,11 +1076,11 @@ def _construct_code_dict(self) -> Dict[str, Any]: # Inline function for transformation of inline code. # It accepts arbitrary argumemnts, because the arguments do not matter for the result. - def _construct_inline_code(*args: Any, **kwargs: Dict[str, Any]) -> Dict[str, Any]: + def _construct_inline_code(*args: Any, **kwargs: dict[str, Any]) -> dict[str, Any]: return {"ZipFile": self.InlineCode} # dispatch mechanism per artifact on how it needs to be transformed. - artifact_dispatch: Dict[str, Callable[..., Dict[str, Any]]] = { + artifact_dispatch: dict[str, Callable[..., dict[str, Any]]] = { "InlineCode": _construct_inline_code, "CodeUri": construct_s3_location_object, "ImageUri": construct_image_code_object, @@ -1105,7 +1107,7 @@ def _construct_inline_code(*args: Any, **kwargs: Dict[str, Any]) -> Dict[str, An filtered_key = "ImageUri" else: raise InvalidResourceException(self.logical_id, "Either 'InlineCode' or 'CodeUri' must be set.") - dispatch_function: Callable[..., Dict[str, Any]] = artifact_dispatch[filtered_key] + dispatch_function: Callable[..., dict[str, Any]] = artifact_dispatch[filtered_key] code_dict = dispatch_function(artifacts[filtered_key], self.logical_id, filtered_key) if self.SourceKMSKeyArn and packagetype == ZIP: code_dict["SourceKMSKeyArn"] = self.SourceKMSKeyArn @@ -1130,7 +1132,7 @@ def _construct_version( # noqa: PLR0912 function: LambdaFunction, intrinsics_resolver: IntrinsicsResolver, resource_resolver: ResourceResolver, - code_sha256: Optional[str] = None, + code_sha256: str | None = None, ) -> LambdaVersion: """Constructs a Lambda Version resource that will be auto-published when CodeUri of the function changes. Old versions will not be deleted without a direct reference from the CloudFormation template. @@ -1265,14 +1267,14 @@ def _construct_alias(self, name: str, function: LambdaFunction, version: LambdaV return alias - def _validate_deployment_preference_and_add_update_policy( # noqa: PLR0913 + def _validate_deployment_preference_and_add_update_policy( self, - deployment_preference_collection: Optional[DeploymentPreferenceCollection], - lambda_alias: Optional[LambdaAlias], + deployment_preference_collection: DeploymentPreferenceCollection | None, + lambda_alias: LambdaAlias | None, intrinsics_resolver: IntrinsicsResolver, mappings_resolver: IntrinsicsResolver, - passthrough_resource_attributes: Dict[str, Any], - feature_toggle: Optional[FeatureToggle] = None, + passthrough_resource_attributes: dict[str, Any], + feature_toggle: FeatureToggle | None = None, ) -> None: if not self.DeploymentPreference: return @@ -1330,7 +1332,7 @@ def _validate_deployment_preference_and_add_update_policy( # noqa: PLR0913 def _resolve_property_to_boolean( self, - property_value: Union[bool, str, Dict[str, Any]], + property_value: Union[bool, str, dict[str, Any]], property_name: str, intrinsics_resolver: IntrinsicsResolver, mappings_resolver: IntrinsicsResolver, @@ -1362,7 +1364,7 @@ def _resolve_property_to_boolean( raise InvalidResourceException(self.logical_id, f"Invalid value for property {property_name}.") def _construct_function_url( - self, lambda_function: LambdaFunction, lambda_alias: Optional[LambdaAlias], function_url_config: Dict[str, Any] + self, lambda_function: LambdaFunction, lambda_alias: LambdaAlias | None, function_url_config: dict[str, Any] ) -> LambdaUrl: """ This method is used to construct a lambda url resource @@ -1396,7 +1398,7 @@ def _construct_function_url( return lambda_url def _validate_function_url_params( - self, lambda_function: LambdaFunction, function_url_config: Dict[str, Any] + self, lambda_function: LambdaFunction, function_url_config: dict[str, Any] ) -> None: """ Validate parameters provided to configure Lambda Urls @@ -1404,7 +1406,7 @@ def _validate_function_url_params( self._validate_url_auth_type(lambda_function, function_url_config) self._validate_cors_config_parameter(lambda_function, function_url_config) - def _validate_url_auth_type(self, lambda_function: LambdaFunction, function_url_config: Dict[str, Any]) -> None: + def _validate_url_auth_type(self, lambda_function: LambdaFunction, function_url_config: dict[str, Any]) -> None: if is_intrinsic(function_url_config): return @@ -1419,7 +1421,7 @@ def _validate_url_auth_type(self, lambda_function: LambdaFunction, function_url_ ) def _validate_cors_config_parameter( - self, lambda_function: LambdaFunction, function_url_config: Dict[str, Any] + self, lambda_function: LambdaFunction, function_url_config: dict[str, Any] ) -> None: if is_intrinsic(function_url_config): return @@ -1454,8 +1456,8 @@ def _validate_cors_config_parameter( ) def _construct_url_permission( - self, lambda_function: LambdaFunction, lambda_alias: Optional[LambdaAlias], function_url_config: Dict[str, Any] - ) -> Optional[LambdaPermission]: + self, lambda_function: LambdaFunction, lambda_alias: LambdaAlias | None, function_url_config: dict[str, Any] + ) -> LambdaPermission | None: """ Construct the lambda permission associated with the function url resource in a case for public access when AuthType is NONE @@ -1469,7 +1471,7 @@ def _construct_url_permission( Lambda Alias resource - function_url_config: Dict + function_url_config: dict Function url config used to create FURL Returns @@ -1494,8 +1496,8 @@ def _construct_url_permission( return lambda_permission def _construct_invoke_permission( - self, lambda_function: LambdaFunction, lambda_alias: Optional[LambdaAlias], function_url_config: Dict[str, Any] - ) -> Optional[LambdaPermission]: + self, lambda_function: LambdaFunction, lambda_alias: LambdaAlias | None, function_url_config: dict[str, Any] + ) -> LambdaPermission | None: """ Construct the lambda permission associated with the function invoke resource in a case for public access when AuthType is NONE @@ -1508,7 +1510,7 @@ def _construct_invoke_permission( lambda_alias : LambdaAlias Lambda Alias resource - function_url_config: Dict + function_url_config: dict Function url config used to create FURL Returns @@ -1552,14 +1554,14 @@ class SamCapacityProvider(SamResourceMacro): "KmsKeyArn": Property(False, one_of(IS_STR, IS_DICT)), } - CapacityProviderName: Optional[Intrinsicable[str]] - VpcConfig: Dict[str, Any] - OperatorRole: Optional[PassThrough] - Tags: Optional[Dict[str, Any]] - PropagateTags: Optional[bool] - InstanceRequirements: Optional[Dict[str, Any]] - ScalingConfig: Optional[Dict[str, Any]] - KmsKeyArn: Optional[Intrinsicable[str]] + CapacityProviderName: Intrinsicable[str] | None + VpcConfig: dict[str, Any] + OperatorRole: PassThrough | None + Tags: dict[str, Any] | None + PropagateTags: bool | None + InstanceRequirements: dict[str, Any] | None + ScalingConfig: dict[str, Any] | None + KmsKeyArn: Intrinsicable[str] | None # Validation rules __validation_rules__ = [ @@ -1569,11 +1571,10 @@ class SamCapacityProvider(SamResourceMacro): ), ] - def to_cloudformation(self, **kwargs: Any) -> List[Resource]: + def to_cloudformation(self, **kwargs: Any) -> list[Resource]: """ Transform the SAM CapacityProvider resource to CloudFormation """ - check_python_314_compatibility(aws_serverless_capacity_provider, "Capacity Provider") self.validate_before_transform( schema_class=aws_serverless_capacity_provider.Properties, collect_all_errors=True, @@ -1652,39 +1653,41 @@ class SamApi(SamResourceMacro): "AlwaysDeploy": Property(False, IS_BOOL), "Policy": PropertyType(False, one_of(IS_STR, IS_DICT)), "SecurityPolicy": PropertyType(False, IS_STR), + "EndpointAccessMode": PropertyType(False, IS_STR), } - Name: Optional[Intrinsicable[str]] - StageName: Optional[Intrinsicable[str]] - Tags: Optional[Dict[str, Any]] - PropagateTags: Optional[bool] - DefinitionBody: Optional[Dict[str, Any]] - DefinitionUri: Optional[Intrinsicable[str]] - MergeDefinitions: Optional[bool] - CacheClusterEnabled: Optional[Intrinsicable[bool]] - CacheClusterSize: Optional[Intrinsicable[str]] - Variables: Optional[Dict[str, Any]] - EndpointConfiguration: Optional[Dict[str, Any]] - MethodSettings: Optional[List[Any]] - BinaryMediaTypes: Optional[List[Any]] - MinimumCompressionSize: Optional[Intrinsicable[int]] - Cors: Optional[Intrinsicable[str]] - Auth: Optional[Dict[str, Any]] - GatewayResponses: Optional[Dict[str, Any]] - AccessLogSetting: Optional[Dict[str, Any]] - CanarySetting: Optional[Dict[str, Any]] - TracingEnabled: Optional[Intrinsicable[bool]] - OpenApiVersion: Optional[Intrinsicable[str]] - Models: Optional[Dict[str, Any]] - Domain: Optional[Dict[str, Any]] - FailOnWarnings: Optional[Intrinsicable[bool]] - Description: Optional[Intrinsicable[str]] - Mode: Optional[Intrinsicable[str]] - DisableExecuteApiEndpoint: Optional[Intrinsicable[bool]] - ApiKeySourceType: Optional[Intrinsicable[str]] - AlwaysDeploy: Optional[bool] - Policy: Optional[Union[Dict[str, Any], Intrinsicable[str]]] - SecurityPolicy: Optional[Intrinsicable[str]] + Name: Intrinsicable[str] | None + StageName: Intrinsicable[str] | None + Tags: dict[str, Any] | None + PropagateTags: bool | None + DefinitionBody: dict[str, Any] | None + DefinitionUri: Intrinsicable[str] | None + MergeDefinitions: bool | None + CacheClusterEnabled: Intrinsicable[bool] | None + CacheClusterSize: Intrinsicable[str] | None + Variables: dict[str, Any] | None + EndpointConfiguration: dict[str, Any] | None + MethodSettings: list[Any] | None + BinaryMediaTypes: list[Any] | None + MinimumCompressionSize: Intrinsicable[int] | None + Cors: Intrinsicable[str] | None + Auth: dict[str, Any] | None + GatewayResponses: dict[str, Any] | None + AccessLogSetting: dict[str, Any] | None + CanarySetting: dict[str, Any] | None + TracingEnabled: Intrinsicable[bool] | None + OpenApiVersion: Intrinsicable[str] | None + Models: dict[str, Any] | None + Domain: dict[str, Any] | None + FailOnWarnings: Intrinsicable[bool] | None + Description: Intrinsicable[str] | None + Mode: Intrinsicable[str] | None + DisableExecuteApiEndpoint: Intrinsicable[bool] | None + ApiKeySourceType: Intrinsicable[str] | None + AlwaysDeploy: bool | None + Policy: Union[dict[str, Any], Intrinsicable[str]] | None + SecurityPolicy: Intrinsicable[str] | None + EndpointAccessMode: Intrinsicable[str] | None referable_properties = { "Stage": ApiGatewayStage.resource_type, @@ -1697,7 +1700,7 @@ class SamApi(SamResourceMacro): } @cw_timer - def to_cloudformation(self, **kwargs) -> List[Resource]: # type: ignore[no-untyped-def] + def to_cloudformation(self, **kwargs) -> list[Resource]: # type: ignore[no-untyped-def] """Returns the API Gateway RestApi, Deployment, and Stage to which this SAM Api corresponds. :param dict kwargs: already-converted resources that may need to be modified when converting this \ @@ -1754,6 +1757,7 @@ def to_cloudformation(self, **kwargs) -> List[Resource]: # type: ignore[no-unty feature_toggle=feature_toggle, policy=self.Policy, security_policy=self.SecurityPolicy, + endpoint_access_mode=self.EndpointAccessMode, ) generated_resources = api_generator.to_cloudformation(redeploy_restapi_parameters, route53_record_set_groups) @@ -1792,22 +1796,22 @@ class SamHttpApi(SamResourceMacro): "DisableExecuteApiEndpoint": PropertyType(False, IS_BOOL), } - Name: Optional[Any] - StageName: Optional[Intrinsicable[str]] - Tags: Optional[Dict[str, Any]] - PropagateTags: Optional[bool] - DefinitionBody: Optional[Dict[str, Any]] - DefinitionUri: Optional[Intrinsicable[str]] - StageVariables: Optional[Dict[str, Intrinsicable[str]]] - CorsConfiguration: Optional[Union[bool, Dict[str, Any]]] - AccessLogSettings: Optional[Dict[str, Any]] - DefaultRouteSettings: Optional[Dict[str, Any]] - Auth: Optional[Dict[str, Any]] - RouteSettings: Optional[Dict[str, Any]] - Domain: Optional[Dict[str, Any]] - FailOnWarnings: Optional[Intrinsicable[bool]] - Description: Optional[Intrinsicable[str]] - DisableExecuteApiEndpoint: Optional[Intrinsicable[bool]] + Name: Any | None + StageName: Intrinsicable[str] | None + Tags: dict[str, Any] | None + PropagateTags: bool | None + DefinitionBody: dict[str, Any] | None + DefinitionUri: Intrinsicable[str] | None + StageVariables: dict[str, Intrinsicable[str]] | None + CorsConfiguration: Union[bool, dict[str, Any]] | None + AccessLogSettings: dict[str, Any] | None + DefaultRouteSettings: dict[str, Any] | None + Auth: dict[str, Any] | None + RouteSettings: dict[str, Any] | None + Domain: dict[str, Any] | None + FailOnWarnings: Intrinsicable[bool] | None + Description: Intrinsicable[str] | None + DisableExecuteApiEndpoint: Intrinsicable[bool] | None referable_properties = { "Stage": ApiGatewayV2Stage.resource_type, @@ -1823,7 +1827,7 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] :returns: a list of vanilla CloudFormation Resources, to which this Function expands :rtype: list """ - resources: List[Resource] = [] + resources: list[Resource] = [] intrinsics_resolver = kwargs["intrinsics_resolver"] self.CorsConfiguration = intrinsics_resolver.resolve_parameter_refs(self.CorsConfiguration) self.Domain = intrinsics_resolver.resolve_parameter_refs(self.Domain) @@ -1906,29 +1910,29 @@ class SamWebSocketApi(SamResourceMacro): "Routes": PropertyType(True, IS_DICT), "RouteSettings": PropertyType(False, IS_DICT), "RouteSelectionExpression": PropertyType(True, IS_STR), - "StageName": PropertyType(False, IS_STR), + "StageName": PropertyType(False, one_of(IS_STR, IS_DICT)), "StageVariables": PropertyType(False, IS_DICT), "Tags": PropertyType(False, IS_DICT), } - ApiKeySelectionExpression: Optional[Intrinsicable[str]] - AccessLogSettings: Optional[Dict[str, Any]] - Auth: Optional[Dict[str, Any]] - DefaultRouteSettings: Optional[Dict[str, Any]] - Description: Optional[Intrinsicable[str]] - DisableExecuteApiEndpoint: Optional[Intrinsicable[bool]] - DisableSchemaValidation: Optional[Intrinsicable[bool]] - Domain: Optional[Dict[str, Any]] - FailOnWarnings: Optional[Intrinsicable[bool]] - IpAddressType: Optional[Intrinsicable[str]] - Name: Optional[str] - PropagateTags: Optional[bool] - Routes: Dict[str, Dict[str, Any]] - RouteSettings: Optional[Dict[str, Any]] + ApiKeySelectionExpression: Intrinsicable[str] | None + AccessLogSettings: dict[str, Any] | None + Auth: dict[str, Any] | None + DefaultRouteSettings: dict[str, Any] | None + Description: Intrinsicable[str] | None + DisableExecuteApiEndpoint: Intrinsicable[bool] | None + DisableSchemaValidation: Intrinsicable[bool] | None + Domain: dict[str, Any] | None + FailOnWarnings: Intrinsicable[bool] | None + IpAddressType: Intrinsicable[str] | None + Name: str | None + PropagateTags: bool | None + Routes: dict[str, dict[str, Any]] + RouteSettings: dict[str, Any] | None RouteSelectionExpression: str - StageName: Optional[str] - StageVariables: Optional[Dict[str, Intrinsicable[str]]] - Tags: Optional[Dict[str, Any]] + StageName: Intrinsicable[str] | None + StageVariables: dict[str, Intrinsicable[str]] | None + Tags: dict[str, Any] | None referable_properties = { "Stage": ApiGatewayV2Stage.resource_type, @@ -1971,7 +1975,7 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] tags=self.Tags, ) - resources: List[Resource] = api_generator._to_cloudformation(kwargs.get("route53setrecordgroups", {})) + resources: list[Resource] = api_generator._to_cloudformation(kwargs.get("route53setrecordgroups", {})) self.propagate_tags(resources, self.Tags, self.PropagateTags) @@ -1991,12 +1995,12 @@ class SamSimpleTable(SamResourceMacro): "SSESpecification": PropertyType(False, IS_DICT), } - PointInTimeRecoverySpecification: Optional[PassThrough] - PrimaryKey: Optional[Dict[str, str]] - ProvisionedThroughput: Optional[Dict[str, Any]] - TableName: Optional[Intrinsicable[str]] - Tags: Optional[Dict[str, Any]] - SSESpecification: Optional[Dict[str, Any]] + PointInTimeRecoverySpecification: PassThrough | None + PrimaryKey: dict[str, str] | None + ProvisionedThroughput: dict[str, Any] | None + TableName: Intrinsicable[str] | None + Tags: dict[str, Any] | None + SSESpecification: dict[str, Any] | None attribute_type_conversions = {"String": "S", "Number": "N", "Binary": "B"} @@ -2070,12 +2074,12 @@ class SamApplication(SamResourceMacro): "TimeoutInMinutes": PropertyType(False, IS_INT), } - Location: Union[str, Dict[str, Any]] - TemplateUrl: Optional[Intrinsicable[str]] - Parameters: Optional[Dict[str, Any]] - NotificationARNs: Optional[List[Any]] - Tags: Optional[Dict[str, Any]] - TimeoutInMinutes: Optional[Intrinsicable[int]] + Location: Union[str, dict[str, Any]] + TemplateUrl: Intrinsicable[str] | None + Parameters: dict[str, Any] | None + NotificationARNs: list[Any] | None + Tags: dict[str, Any] | None + TimeoutInMinutes: Intrinsicable[int] | None @cw_timer def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] @@ -2097,7 +2101,7 @@ def _construct_nested_stack(self) -> NestedStack: return nested_stack - def _get_application_tags(self) -> Dict[str, str]: + def _get_application_tags(self) -> dict[str, str]: """Adds tags to the stack if this resource is using the serverless app repo""" application_tags = {} if isinstance(self.Location, dict): @@ -2123,14 +2127,14 @@ class SamLayerVersion(SamResourceMacro): "RetentionPolicy": PropertyType(False, IS_STR), } - LayerName: Optional[Intrinsicable[str]] - Description: Optional[Intrinsicable[str]] - PublishLambdaVersion: Optional[bool] - ContentUri: Dict[str, Any] - CompatibleArchitectures: Optional[List[Any]] - CompatibleRuntimes: Optional[List[Any]] - LicenseInfo: Optional[Intrinsicable[str]] - RetentionPolicy: Optional[Intrinsicable[str]] + LayerName: Intrinsicable[str] | None + Description: Intrinsicable[str] | None + PublishLambdaVersion: bool | None + ContentUri: dict[str, Any] + CompatibleArchitectures: list[Any] | None + CompatibleRuntimes: list[Any] | None + LicenseInfo: Intrinsicable[str] | None + RetentionPolicy: Intrinsicable[str] | None retention_policy_options = [DeletionPolicy.RETAIN, DeletionPolicy.DELETE] @@ -2219,7 +2223,7 @@ def _construct_lambda_layer(self, intrinsics_resolver: IntrinsicsResolver) -> La return lambda_layer - def _get_retention_policy_value(self) -> Optional[str]: + def _get_retention_policy_value(self) -> str | None: """ Sets the deletion policy on this resource. The default is 'Retain'. @@ -2304,23 +2308,23 @@ class SamStateMachine(SamResourceMacro): "UseAliasAsEventTarget": Property(False, IS_BOOL), } - Definition: Optional[Dict[str, Any]] - DefinitionUri: Optional[Intrinsicable[str]] - Logging: Optional[Dict[str, Any]] - Role: Optional[Intrinsicable[str]] - RolePath: Optional[PassThrough] - DefinitionSubstitutions: Optional[Dict[str, Any]] - Events: Optional[Dict[str, Any]] - Name: Optional[Intrinsicable[str]] - Type: Optional[Intrinsicable[str]] - Tags: Optional[Dict[str, Any]] - PropagateTags: Optional[bool] - Policies: Optional[List[Any]] - Tracing: Optional[Dict[str, Any]] - PermissionsBoundary: Optional[Intrinsicable[str]] - AutoPublishAlias: Optional[PassThrough] - DeploymentPreference: Optional[PassThrough] - UseAliasAsEventTarget: Optional[bool] + Definition: dict[str, Any] | None + DefinitionUri: Intrinsicable[str] | None + Logging: dict[str, Any] | None + Role: Intrinsicable[str] | None + RolePath: PassThrough | None + DefinitionSubstitutions: dict[str, Any] | None + Events: dict[str, Any] | None + Name: Intrinsicable[str] | None + Type: Intrinsicable[str] | None + Tags: dict[str, Any] | None + PropagateTags: bool | None + Policies: list[Any] | None + Tracing: dict[str, Any] | None + PermissionsBoundary: Intrinsicable[str] | None + AutoPublishAlias: PassThrough | None + DeploymentPreference: PassThrough | None + UseAliasAsEventTarget: bool | None event_resolver = ResourceTypeResolver( samtranslator.model.stepfunctions.events, @@ -2368,13 +2372,13 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] return generated_resources - def resources_to_link(self, resources: Dict[str, Any]) -> Dict[str, Any]: + def resources_to_link(self, resources: dict[str, Any]) -> dict[str, Any]: try: return {"event_resources": self._event_resources_to_link(resources)} except InvalidEventException as e: raise InvalidResourceException(self.logical_id, e.message) from e - def _event_resources_to_link(self, resources: Dict[str, Any]) -> Dict[str, Any]: + def _event_resources_to_link(self, resources: dict[str, Any]) -> dict[str, Any]: event_resources = {} if self.Events: for logical_id, event_dict in self.Events.items(): @@ -2395,9 +2399,9 @@ class SamConnector(SamResourceMacro): https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html """ - Source: Dict[str, Any] - Destination: Union[Dict[str, Any], List[Dict[str, Any]]] - Permissions: List[str] + Source: dict[str, Any] + Destination: Union[dict[str, Any], list[dict[str, Any]]] + Permissions: list[str] resource_type = "AWS::Serverless::Connector" property_types = { @@ -2407,7 +2411,7 @@ class SamConnector(SamResourceMacro): } @cw_timer - def to_cloudformation(self, **kwargs: Any) -> List[Resource]: + def to_cloudformation(self, **kwargs: Any) -> list[Resource]: resource_resolver: ResourceResolver = kwargs["resource_resolver"] original_template = kwargs["original_template"] @@ -2416,7 +2420,7 @@ def to_cloudformation(self, **kwargs: Any) -> List[Resource]: multi_dest = False self.Destination = [self.Destination] - list_generated_resources: List[Resource] = [] + list_generated_resources: list[Resource] = [] for dest_index, dest in enumerate(self.Destination): try: @@ -2447,7 +2451,7 @@ def generate_resources( dest_index: int, multi_dest: bool, resource_resolver: ResourceResolver, - ) -> List[Resource]: + ) -> list[Resource]: profile = get_profile(source.resource_type, destination.resource_type) if not profile: raise InvalidResourceException( @@ -2504,7 +2508,7 @@ def generate_resources( verify_profile_variables_replaced(profile_properties) - generated_resources: List[Resource] = [] + generated_resources: list[Resource] = [] if profile_type == "AWS_IAM_ROLE_MANAGED_POLICY": generated_resources.append( self._construct_iam_policy( @@ -2529,7 +2533,7 @@ def generate_resources( raise TypeError(f"Profile type {profile_type} is not supported") return generated_resources - def _get_policy_statements(self, profile: ConnectorProfile) -> Dict[str, Any]: + def _get_policy_statements(self, profile: ConnectorProfile) -> dict[str, Any]: policy_statements = [] for name, statements in profile["AccessCategories"].items(): if name in self.Permissions: @@ -2540,7 +2544,7 @@ def _get_policy_statements(self, profile: ConnectorProfile) -> Dict[str, Any]: "Statement": policy_statements, } - def _construct_iam_policy( # noqa: PLR0913 + def _construct_iam_policy( self, source: ConnectorResourceReference, destination: ConnectorResourceReference, @@ -2588,7 +2592,7 @@ def _construct_lambda_permission_policy( profile: ConnectorProfile, dest_index: int, multi_dest: bool, - ) -> List[LambdaPermission]: + ) -> list[LambdaPermission]: source_policy = profile["SourcePolicy"] lambda_function = source if source_policy else destination @@ -2685,8 +2689,8 @@ def _construct_sqs_queue_policy( def _add_connector_metadata( self, - generated_resources: List[Resource], - original_template: Dict[str, Any], + generated_resources: list[Resource], + original_template: dict[str, Any], source: ConnectorResourceReference, destination: ConnectorResourceReference, ) -> None: @@ -2751,51 +2755,50 @@ class SamGraphQLApi(SamResourceMacro): "ResolverCountLimit": PassThroughProperty(False), } - Auth: List[Dict[str, Any]] - Tags: Optional[Dict[str, Any]] - XrayEnabled: Optional[PassThrough] - Name: Optional[PassThrough] - SchemaInline: Optional[str] - SchemaUri: Optional[str] - Logging: Optional[Union[Dict[str, Any], bool]] - DataSources: Optional[Dict[str, Dict[str, Dict[str, Any]]]] - Functions: Optional[Dict[str, Dict[str, Any]]] - Resolvers: Optional[Dict[str, Dict[str, Dict[str, Any]]]] - ApiKeys: Optional[Dict[str, Dict[str, Any]]] - DomainName: Optional[Dict[str, Any]] - Cache: Optional[Dict[str, Any]] - Visibility: Optional[PassThrough] - OwnerContact: Optional[PassThrough] - IntrospectionConfig: Optional[PassThrough] - QueryDepthLimit: Optional[PassThrough] - ResolverCountLimit: Optional[PassThrough] + Auth: list[dict[str, Any]] + Tags: dict[str, Any] | None + XrayEnabled: PassThrough | None + Name: PassThrough | None + SchemaInline: str | None + SchemaUri: str | None + Logging: Union[dict[str, Any], bool] | None + DataSources: dict[str, dict[str, dict[str, Any]]] | None + Functions: dict[str, dict[str, Any]] | None + Resolvers: dict[str, dict[str, dict[str, Any]]] | None + ApiKeys: dict[str, dict[str, Any]] | None + DomainName: dict[str, Any] | None + Cache: dict[str, Any] | None + Visibility: PassThrough | None + OwnerContact: PassThrough | None + IntrospectionConfig: PassThrough | None + QueryDepthLimit: PassThrough | None + ResolverCountLimit: PassThrough | None # stop validation so we can use class variables for tracking state validate_setattr = False def __init__( self, - logical_id: Optional[Any], - relative_id: Optional[str] = None, - depends_on: Optional[List[str]] = None, - attributes: Optional[Dict[str, Any]] = None, + logical_id: Any | None, + relative_id: str | None = None, + depends_on: list[str] | None = None, + attributes: dict[str, Any] | None = None, ): super().__init__(logical_id, relative_id=relative_id, depends_on=depends_on, attributes=attributes) - self._none_datasource: Optional[DataSource] = None - self._datasource_name_map: Dict[str, Intrinsicable[str]] = {} - self._function_id_map: Dict[str, Intrinsicable[str]] = {} + self._none_datasource: DataSource | None = None + self._datasource_name_map: dict[str, Intrinsicable[str]] = {} + self._function_id_map: dict[str, Intrinsicable[str]] = {} @cw_timer - def to_cloudformation(self, **kwargs: Any) -> List[Resource]: - check_python_314_compatibility(aws_serverless_graphqlapi, "GraphQLApi") + def to_cloudformation(self, **kwargs: Any) -> list[Resource]: model = self.validate_properties_and_return_model(aws_serverless_graphqlapi.Properties) appsync_api, cloudwatch_role, auth_connectors = self._construct_appsync_api_resources(model) api_id = appsync_api.get_runtime_attr("api_id") appsync_schema = self._construct_appsync_schema(model, api_id) - resources: List[Resource] = [appsync_api, appsync_schema] + resources: list[Resource] = [appsync_api, appsync_schema] for connector in auth_connectors: resources.extend(connector.to_cloudformation(**kwargs)) @@ -2836,7 +2839,7 @@ def to_cloudformation(self, **kwargs: Any) -> List[Resource]: def _construct_appsync_api_resources( self, model: aws_serverless_graphqlapi.Properties - ) -> Tuple[GraphQLApi, Optional[IAMRole], List[SamConnector]]: + ) -> tuple[GraphQLApi, IAMRole | None, list[SamConnector]]: api = GraphQLApi(logical_id=self.logical_id, depends_on=self.depends_on, attributes=self.resource_attributes) api.Name = passthrough_value(model.Name) or self.logical_id @@ -2878,14 +2881,14 @@ def _construct_appsync_api_resources( def _parse_and_set_auth_properties( self, api: GraphQLApi, auth: aws_serverless_graphqlapi.Auth - ) -> List[Intrinsicable[str]]: + ) -> list[Intrinsicable[str]]: """ Parse the Auth properties in a Serverless::GraphQLApi resource. - Returns: List of Lambda Function arns of Lambda authorizers. If no Lambda authorizer is used, the list is empty. + Returns: list of Lambda Function arns of Lambda authorizers. If no Lambda authorizer is used, the list is empty. """ # Keep all lambda authorizers together to create connectors later - lambda_auth_arns: List[Intrinsicable[str]] = [] + lambda_auth_arns: list[Intrinsicable[str]] = [] # Default authoriser default_auth = aws_serverless_graphqlapi.Authorizer.parse_obj( @@ -2904,7 +2907,7 @@ def _parse_and_set_auth_properties( lambda_auth_arns.append(cast(LambdaAuthorizerConfigType, auth_dict)["AuthorizerUri"]) # Additional authentication - additional_auths: List[AdditionalAuthenticationProviderType] = [] + additional_auths: list[AdditionalAuthenticationProviderType] = [] if auth.Additional: for index, additional in enumerate(auth.Additional): name, auth_dict = self._validate_and_extract_authorizer_config(additional, index) @@ -2924,10 +2927,10 @@ def _parse_and_set_auth_properties( def _validate_and_extract_authorizer_config( self, auth: aws_serverless_graphqlapi.Authorizer, - index: Optional[int] = None, - ) -> Tuple[ - Optional[Literal["LambdaAuthorizerConfig", "OpenIDConnectConfig", "UserPoolConfig"]], - Optional[Union[LambdaAuthorizerConfigType, OpenIDConnectConfigType, UserPoolConfigType]], + index: int | None = None, + ) -> tuple[ + Literal["LambdaAuthorizerConfig", "OpenIDConnectConfig", "UserPoolConfig"] | None, + Union[LambdaAuthorizerConfigType, OpenIDConnectConfigType, UserPoolConfigType] | None, ]: """ Validates the authentication type and returns the name of the config property and the respective dictionary. @@ -3005,7 +3008,7 @@ def _construct_lambda_auth_connector( SamConnector(logical_id=logical_id).from_dict(logical_id=logical_id, resource_dict=connector_dict), ) - def _create_logging_default(self) -> Tuple[LogConfigType, IAMRole]: + def _create_logging_default(self) -> tuple[LogConfigType, IAMRole]: """ Create a default logging configuration. @@ -3020,7 +3023,7 @@ def _create_logging_default(self) -> Tuple[LogConfigType, IAMRole]: def _parse_logging_properties( self, model: aws_serverless_graphqlapi.Properties - ) -> Tuple[LogConfigType, Optional[IAMRole]]: + ) -> tuple[LogConfigType, IAMRole | None]: """Parse logging properties from SAM template, and use defaults if required keys dont exist.""" if not isinstance(model.Logging, aws_serverless_graphqlapi.Logging): return self._create_logging_default() @@ -3077,9 +3080,9 @@ def _construct_appsync_schema( return schema def _construct_appsync_api_keys( - self, api_keys: Dict[str, aws_serverless_graphqlapi.ApiKey], api_id: Intrinsicable[str] - ) -> List[Resource]: - resources: List[Resource] = [] + self, api_keys: dict[str, aws_serverless_graphqlapi.ApiKey], api_id: Intrinsicable[str] + ) -> list[Resource]: + resources: list[Resource] = [] # TODO: Add datetime parsing for ExpiresOn; currently expects Unix timestamp for relative_id, api_key in api_keys.items(): @@ -3098,7 +3101,7 @@ def _construct_appsync_api_keys( def _construct_domain_name_resources( self, domain_name: aws_serverless_graphqlapi.DomainName, api_id: Intrinsicable[str] - ) -> List[Resource]: + ) -> list[Resource]: cfn_domain_name = DomainName( logical_id=f"{self.logical_id}DomainName", depends_on=self.depends_on, attributes=self.resource_attributes ) @@ -3136,8 +3139,8 @@ def _construct_datasource_resources( self, datasources: aws_serverless_graphqlapi.DataSources, api_id: Intrinsicable[str], - kwargs: Dict[str, Any], - ) -> List[Resource]: + kwargs: dict[str, Any], + ) -> list[Resource]: ddb_datasources = self._construct_ddb_datasources(datasources.DynamoDb, api_id, kwargs) lambda_datasources = self._construct_lambda_datasources(datasources.Lambda, api_id, kwargs) @@ -3145,14 +3148,14 @@ def _construct_datasource_resources( def _construct_ddb_datasources( self, - ddb_datasources: Optional[Dict[str, aws_serverless_graphqlapi.DynamoDBDataSource]], + ddb_datasources: dict[str, aws_serverless_graphqlapi.DynamoDBDataSource] | None, api_id: Intrinsicable[str], - kwargs: Dict[str, Any], - ) -> List[Resource]: + kwargs: dict[str, Any], + ) -> list[Resource]: if not ddb_datasources: return [] - resources: List[Resource] = [] + resources: list[Resource] = [] for relative_id, ddb_datasource in ddb_datasources.items(): datasource_logical_id = self._create_appsync_data_source_logical_id( @@ -3184,8 +3187,8 @@ def _parse_ddb_datasource_role( ddb_datasource: aws_serverless_graphqlapi.DynamoDBDataSource, datasource_arn: Intrinsicable[str], datasource_logical_id: str, - kwargs: Dict[str, Any], - ) -> Tuple[str, List[Resource]]: + kwargs: dict[str, Any], + ) -> tuple[str, list[Resource]]: # If the user defined a role, then there's no need to generate role/policy for them, so we return fast. if ddb_datasource.ServiceRoleArn: return cast(PassThrough, ddb_datasource.ServiceRoleArn), [] @@ -3239,8 +3242,8 @@ def _construct_ddb_datasource_connector_resources( destination_arn: Intrinsicable[str], permissions: PermissionsType, role_name: Intrinsicable[str], - kwargs: Dict[str, Any], - ) -> List[Resource]: + kwargs: dict[str, Any], + ) -> list[Resource]: logical_id = f"{datasource_id}ToTableConnector" connector_dict = { "Type": "AWS::Serverless::Connector", @@ -3263,14 +3266,14 @@ def _construct_ddb_datasource_connector_resources( def _construct_lambda_datasources( self, - lambda_datasources: Optional[Dict[str, aws_serverless_graphqlapi.LambdaDataSource]], + lambda_datasources: dict[str, aws_serverless_graphqlapi.LambdaDataSource] | None, api_id: Intrinsicable[str], - kwargs: Dict[str, Any], - ) -> List[Resource]: + kwargs: dict[str, Any], + ) -> list[Resource]: if not lambda_datasources: return [] - resources: List[Resource] = [] + resources: list[Resource] = [] for relative_id, lambda_datasource in lambda_datasources.items(): datasource_logical_id = self._create_appsync_data_source_logical_id(self.logical_id, "Lambda", relative_id) @@ -3304,8 +3307,8 @@ def _parse_lambda_datasource_role( datasource_arn: Intrinsicable[str], function_arn: PassThrough, datasource_logical_id: str, - kwargs: Dict[str, Any], - ) -> Tuple[str, List[Resource]]: + kwargs: dict[str, Any], + ) -> tuple[str, list[Resource]]: if lambda_datasource.ServiceRoleArn: return passthrough_value(lambda_datasource.ServiceRoleArn), [] @@ -3332,8 +3335,8 @@ def _construct_lambda_datasource_connector_resources( source_arn: Intrinsicable[str], destination_arn: Intrinsicable[str], role_name: Intrinsicable[str], - kwargs: Dict[str, Any], - ) -> List[Resource]: + kwargs: dict[str, Any], + ) -> list[Resource]: logical_id = f"{datasource_id}ToLambdaConnector" connector_dict = { "Type": "AWS::Serverless::Connector", @@ -3357,10 +3360,10 @@ def _construct_lambda_datasource_connector_resources( def _construct_appsync_function_configurations( self, - functions: Dict[str, aws_serverless_graphqlapi.Function], + functions: dict[str, aws_serverless_graphqlapi.Function], api_id: Intrinsicable[str], - ) -> List[FunctionConfiguration]: - func_configs: List[FunctionConfiguration] = [] + ) -> list[FunctionConfiguration]: + func_configs: list[FunctionConfiguration] = [] for relative_id, function in functions.items(): # "Id" refers to the "FunctionId" attribute for a "AppSync::FunctionConfiguration" resource. @@ -3398,7 +3401,7 @@ def _construct_appsync_function_configurations( return func_configs @staticmethod - def _is_none_datasource_input(datasource: Optional[str]) -> bool: + def _is_none_datasource_input(datasource: str | None) -> bool: return datasource is not None and datasource.lower() == "none" def _construct_none_datasource( @@ -3463,13 +3466,13 @@ def _parse_datasource_name( # if DataSource is intrinsic function like !GetAttr AppSyncDataSource.Name # but it can also be ImportValue or Sub or maybe something else - return function.DataSource # it's an intrinsic function Dict here + return function.DataSource # it's an intrinsic function dict here @staticmethod def _parse_function_code_properties( function: aws_serverless_graphqlapi.Function, relative_id: str, - ) -> Tuple[Optional[PassThrough], Optional[PassThrough]]: + ) -> tuple[PassThrough | None, PassThrough | None]: """ Parses the code properties from Serverless::GraphQLApi function. @@ -3509,11 +3512,11 @@ def _parse_runtime( def _construct_appsync_resolver_resources( self, - resolvers: Dict[str, Dict[str, aws_serverless_graphqlapi.Resolver]], + resolvers: dict[str, dict[str, aws_serverless_graphqlapi.Resolver]], api_id: Intrinsicable[str], schema_logical_id: str, - ) -> List[Resource]: - resources: List[Resource] = [] + ) -> list[Resource]: + resources: list[Resource] = [] for type_name, relative_id_to_resolver in resolvers.items(): for relative_id, resolver in relative_id_to_resolver.items(): @@ -3565,7 +3568,7 @@ def _construct_appsync_resolver_resources( def _parse_appsync_resolver_functions( self, appsync_resolver: aws_serverless_graphqlapi.Resolver, relative_id: str - ) -> List[Intrinsicable[str]]: + ) -> list[Intrinsicable[str]]: """ Parse functions property in GraphQLApi Resolver. diff --git a/samtranslator/model/scheduler.py b/samtranslator/model/scheduler.py index a92dc73fe4..53d31e0359 100644 --- a/samtranslator/model/scheduler.py +++ b/samtranslator/model/scheduler.py @@ -1,4 +1,4 @@ -from typing import Any, Dict, Optional +from typing import Any from samtranslator.model import GeneratedProperty, Resource from samtranslator.model.intrinsics import fnGetAtt @@ -23,14 +23,14 @@ class SchedulerSchedule(Resource): ScheduleExpression: PassThrough FlexibleTimeWindow: PassThrough - Name: Optional[PassThrough] - State: Optional[PassThrough] - Description: Optional[PassThrough] - StartDate: Optional[PassThrough] - EndDate: Optional[PassThrough] - ScheduleExpressionTimezone: Optional[PassThrough] - GroupName: Optional[PassThrough] - KmsKeyArn: Optional[PassThrough] - Target: Dict[str, Any] + Name: PassThrough | None + State: PassThrough | None + Description: PassThrough | None + StartDate: PassThrough | None + EndDate: PassThrough | None + ScheduleExpressionTimezone: PassThrough | None + GroupName: PassThrough | None + KmsKeyArn: PassThrough | None + Target: dict[str, Any] runtime_attrs = {"arn": lambda self: fnGetAtt(self.logical_id, "Arn")} diff --git a/samtranslator/model/sqs.py b/samtranslator/model/sqs.py index d829b43625..50370855f4 100644 --- a/samtranslator/model/sqs.py +++ b/samtranslator/model/sqs.py @@ -1,5 +1,3 @@ -from typing import Dict - from samtranslator.model import GeneratedProperty, PropertyType, Resource from samtranslator.model.intrinsics import fnGetAtt, ref from samtranslator.model.types import PassThrough @@ -7,7 +5,7 @@ class SQSQueue(Resource): resource_type = "AWS::SQS::Queue" - property_types: Dict[str, PropertyType] = { + property_types: dict[str, PropertyType] = { "FifoQueue": GeneratedProperty(), "Tags": GeneratedProperty(), } diff --git a/samtranslator/model/stepfunctions/__init__.py b/samtranslator/model/stepfunctions/__init__.py index 2ce3fe4ea6..ff78e1a4c9 100644 --- a/samtranslator/model/stepfunctions/__init__.py +++ b/samtranslator/model/stepfunctions/__init__.py @@ -1,8 +1,8 @@ __all__ = [ + "StateMachineGenerator", "StepFunctionsStateMachine", - "StepFunctionsStateMachineVersion", "StepFunctionsStateMachineAlias", - "StateMachineGenerator", + "StepFunctionsStateMachineVersion", "events", ] diff --git a/samtranslator/model/stepfunctions/events.py b/samtranslator/model/stepfunctions/events.py index d2f8500b40..b85ab9f87b 100644 --- a/samtranslator/model/stepfunctions/events.py +++ b/samtranslator/model/stepfunctions/events.py @@ -1,6 +1,6 @@ import json from abc import ABCMeta -from typing import Any, Dict, List, Optional, Union, cast +from typing import Any, Union, cast from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model import Property, PropertyType, Resource, ResourceMacro @@ -32,7 +32,7 @@ class EventSource(ResourceMacro, metaclass=ABCMeta): principal: str = None # type: ignore relative_id: str # overriding the Optional[str]: for event, relative id is not None - Target: Optional[Dict[str, str]] + Target: dict[str, str] | None def _generate_logical_id(self, prefix, suffix, resource_type): # type: ignore[no-untyped-def] """Helper utility to generate a logicial ID for a new resource @@ -54,8 +54,8 @@ def _generate_logical_id(self, prefix, suffix, resource_type): # type: ignore[n def _construct_role( self, resource: StepFunctionsStateMachine, - permissions_boundary: Optional[str], - prefix: Optional[str], + permissions_boundary: str | None, + prefix: str | None, suffix: str = "", ) -> IAMRole: """Constructs the IAM Role resource allowing the event service to invoke @@ -104,15 +104,15 @@ class Schedule(EventSource): } Schedule: PassThrough - Input: Optional[PassThrough] - Enabled: Optional[bool] - State: Optional[PassThrough] - Name: Optional[PassThrough] - Description: Optional[PassThrough] - DeadLetterConfig: Optional[Dict[str, Any]] - RetryPolicy: Optional[PassThrough] - Target: Optional[PassThrough] - RoleArn: Optional[PassThrough] + Input: PassThrough | None + Enabled: bool | None + State: PassThrough | None + Name: PassThrough | None + Description: PassThrough | None + DeadLetterConfig: dict[str, Any] | None + RetryPolicy: PassThrough | None + Target: PassThrough | None + RoleArn: PassThrough | None @cw_timer(prefix=SFN_EVETSOURCE_METRIC_PREFIX) def to_cloudformation(self, resource, **kwargs): # type: ignore[no-untyped-def] @@ -122,7 +122,7 @@ def to_cloudformation(self, resource, **kwargs): # type: ignore[no-untyped-def] :returns: a list of vanilla CloudFormation Resources, to which this Schedule event expands :rtype: list """ - resources: List[Any] = [] + resources: list[Any] = [] permissions_boundary = kwargs.get("permissions_boundary") @@ -144,7 +144,7 @@ def to_cloudformation(self, resource, **kwargs): # type: ignore[no-untyped-def] events_rule.Name = self.Name events_rule.Description = self.Description - role: Union[IAMRole, str, Dict[str, Any]] + role: Union[IAMRole, str, dict[str, Any]] if self.RoleArn is None: role = self._construct_role(resource, permissions_boundary, prefix=None) resources.append(role) @@ -166,9 +166,9 @@ def to_cloudformation(self, resource, **kwargs): # type: ignore[no-untyped-def] def _construct_target( self, resource: StepFunctionsStateMachine, - role: Union[IAMRole, str, Dict[str, Any]], - dead_letter_queue_arn: Optional[str], - ) -> Dict[str, Any]: + role: Union[IAMRole, str, dict[str, Any]], + dead_letter_queue_arn: str | None, + ) -> dict[str, Any]: """_summary_ Parameters @@ -227,16 +227,16 @@ class CloudWatchEvent(EventSource): "InputTransformer": PropertyType(False, IS_DICT), } - EventBusName: Optional[PassThrough] - RuleName: Optional[PassThrough] - Pattern: Optional[PassThrough] - Input: Optional[PassThrough] - InputPath: Optional[PassThrough] - DeadLetterConfig: Optional[Dict[str, Any]] - RetryPolicy: Optional[PassThrough] - State: Optional[PassThrough] - Target: Optional[PassThrough] - InputTransformer: Optional[PassThrough] + EventBusName: PassThrough | None + RuleName: PassThrough | None + Pattern: PassThrough | None + Input: PassThrough | None + InputPath: PassThrough | None + DeadLetterConfig: dict[str, Any] | None + RetryPolicy: PassThrough | None + State: PassThrough | None + Target: PassThrough | None + InputTransformer: PassThrough | None @cw_timer(prefix=SFN_EVETSOURCE_METRIC_PREFIX) def to_cloudformation(self, resource, **kwargs): # type: ignore[no-untyped-def] @@ -247,7 +247,7 @@ def to_cloudformation(self, resource, **kwargs): # type: ignore[no-untyped-def] :returns: a list of vanilla CloudFormation Resources, to which this CloudWatch Events/EventBridge event expands :rtype: list """ - resources: List[Any] = [] + resources: list[Any] = [] permissions_boundary = kwargs.get("permissions_boundary") @@ -340,11 +340,11 @@ class Api(EventSource): Path: str Method: str RestApiId: str - Stage: Optional[str] - Auth: Optional[Dict[str, Any]] - UnescapeMappingTemplate: Optional[bool] + Stage: str | None + Auth: dict[str, Any] | None + UnescapeMappingTemplate: bool | None - def resources_to_link(self, resources: Dict[str, Any]) -> Dict[str, Any]: + def resources_to_link(self, resources: dict[str, Any]) -> dict[str, Any]: """ If this API Event Source refers to an explicit API resource, resolve the reference and grab necessary data from the explicit API @@ -366,7 +366,7 @@ def to_cloudformation(self, resource, **kwargs): # type: ignore[no-untyped-def] :returns: a list of vanilla CloudFormation Resources, to which this Api event expands :rtype: list """ - resources: List[Any] = [] + resources: list[Any] = [] intrinsics_resolver = kwargs.get("intrinsics_resolver") permissions_boundary = kwargs.get("permissions_boundary") @@ -436,7 +436,7 @@ def _add_swagger_integration(self, api, api_id, resource, role, intrinsics_resol api["DefinitionBody"] = editor.swagger - def _generate_request_template(self, resource: Resource) -> Dict[str, Any]: + def _generate_request_template(self, resource: Resource) -> dict[str, Any]: """Generates the Body mapping request template for the Api. This allows for the input request to the Api to be passed as the execution input to the associated state machine resource. @@ -457,7 +457,7 @@ def _generate_request_template(self, resource: Resource) -> Dict[str, Any]: ) } - def _generate_request_template_unescaped(self, resource: Resource) -> Dict[str, Any]: + def _generate_request_template_unescaped(self, resource: Resource) -> dict[str, Any]: """Generates the Body mapping request template for the Api. This allows for the input request to the Api to be passed as the execution input to the associated state machine resource. diff --git a/samtranslator/model/stepfunctions/generators.py b/samtranslator/model/stepfunctions/generators.py index 0c443a4788..6ed1ca301c 100644 --- a/samtranslator/model/stepfunctions/generators.py +++ b/samtranslator/model/stepfunctions/generators.py @@ -1,6 +1,6 @@ import json from copy import deepcopy -from typing import Any, Dict, List, Tuple +from typing import Any from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model.exceptions import InvalidEventException, InvalidResourceException @@ -74,7 +74,7 @@ def __init__( # type: ignore[no-untyped-def] # noqa: PLR0913 :param role_path: The file path of the execution role :param state_machine_type: Type of the State Machine :param tracing: Tracing configuration for the State Machine - :param events: List of event sources for the State Machine + :param events: list of event sources for the State Machine :param event_resources: Event resources to link :param event_resolver: Resolver that maps Event types to Event classes :param tags: Tags to be associated with the State Machine resource @@ -122,7 +122,7 @@ def to_cloudformation(self): # type: ignore[no-untyped-def] :returns: a list of resources including the State Machine resource. :rtype: list """ - resources: List[Any] = [self.state_machine] + resources: list[Any] = [self.state_machine] # Defaulting to {} will add the DefinitionSubstitutions field on the transform output even when it is not relevant if self.definition_substitutions: @@ -173,7 +173,7 @@ def to_cloudformation(self): # type: ignore[no-untyped-def] return resources - def _construct_definition_uri(self) -> Dict[str, Any]: + def _construct_definition_uri(self) -> dict[str, Any]: """ Constructs the State Machine's `DefinitionS3 property`_, from the SAM State Machines's DefinitionUri property. @@ -247,11 +247,11 @@ def _construct_role(self) -> IAMRole: get_managed_policy_map=self.get_managed_policy_map, ) - def _construct_tag_list(self) -> List[Dict[str, Any]]: + def _construct_tag_list(self) -> list[dict[str, Any]]: """ Transforms the SAM defined Tags into the form CloudFormation is expecting. - :returns: List of Tag Dictionaries + :returns: list of Tag Dictionaries :rtype: list """ sam_tag = {self._SAM_KEY: self._SAM_VALUE} @@ -309,7 +309,7 @@ def _construct_alias(self, version: StepFunctionsStateMachineVersion) -> StepFun def _generate_managed_traffic_shifting_resources( self, - ) -> List[Any]: + ) -> list[Any]: """Generates and returns the version and alias resources associated with this state machine's managed traffic shifting. :returns: a list containing the state machine's version and alias resources @@ -329,7 +329,7 @@ def _generate_managed_traffic_shifting_resources( state_machine_version = self._construct_version() return [state_machine_version, self._construct_alias(state_machine_version)] - def _generate_event_resources(self) -> List[Dict[str, Any]]: + def _generate_event_resources(self) -> list[dict[str, Any]]: """Generates and returns the resources associated with this state machine's event sources. :returns: a list containing the state machine's event resources @@ -365,7 +365,7 @@ def _replace_dynamic_values_with_substitutions(self, _input): # type: ignore[no :param _input: Input dictionary in which the dynamic values need to be replaced with substitutions - :returns: List of substitution to dynamic value mappings + :returns: list of substitution to dynamic value mappings :rtype: dict """ substitution_map = {} @@ -384,7 +384,7 @@ def _get_paths_to_intrinsics(self, _input, path=None): # type: ignore[no-untype :param _input: Input dictionary to find paths to dynamic values in :param path: Optional list to keep track of the path to the input dictionary - :returns list: List of keys that defines the path to a dynamic value within the input dictionary + :returns list: list of keys that defines the path to a dynamic value within the input dictionary """ if path is None: path = [] @@ -404,7 +404,7 @@ def _get_paths_to_intrinsics(self, _input, path=None): # type: ignore[no-untype return dynamic_value_paths - def _generate_substitution(self) -> Tuple[str, str]: + def _generate_substitution(self) -> tuple[str, str]: """ Generates a name and key for a new substitution. diff --git a/samtranslator/model/stepfunctions/resources.py b/samtranslator/model/stepfunctions/resources.py index 7cb07ba902..3d8303695a 100644 --- a/samtranslator/model/stepfunctions/resources.py +++ b/samtranslator/model/stepfunctions/resources.py @@ -1,4 +1,4 @@ -from typing import Any, Dict, List, Optional +from typing import Any from samtranslator.model import GeneratedProperty, Resource from samtranslator.model.intrinsics import fnGetAtt, ref @@ -19,16 +19,16 @@ class StepFunctionsStateMachine(Resource): "TracingConfiguration": GeneratedProperty(), } - Definition: Optional[Dict[str, Any]] - DefinitionString: Optional[str] - DefinitionS3Location: Optional[Dict[str, Any]] - LoggingConfiguration: Optional[Dict[str, Any]] + Definition: dict[str, Any] | None + DefinitionString: str | None + DefinitionS3Location: dict[str, Any] | None + LoggingConfiguration: dict[str, Any] | None RoleArn: str - StateMachineName: Optional[str] - StateMachineType: Optional[str] - Tags: Optional[List[Dict[str, Any]]] - DefinitionSubstitutions: Optional[Dict[str, Any]] - TracingConfiguration: Optional[Dict[str, Any]] + StateMachineName: str | None + StateMachineType: str | None + Tags: list[dict[str, Any]] | None + DefinitionSubstitutions: dict[str, Any] | None + TracingConfiguration: dict[str, Any] | None runtime_attrs = { "arn": lambda self: ref(self.logical_id), diff --git a/samtranslator/model/tags/resource_tagging.py b/samtranslator/model/tags/resource_tagging.py index 788bfc46d3..6a7c2ffe5e 100644 --- a/samtranslator/model/tags/resource_tagging.py +++ b/samtranslator/model/tags/resource_tagging.py @@ -1,11 +1,11 @@ # Constants for Tagging -from typing import Any, Dict, List, Optional +from typing import Any _KEY = "Key" _VALUE = "Value" -def get_tag_list(resource_tag_dict: Optional[Dict[str, Any]]) -> List[Dict[str, Any]]: +def get_tag_list(resource_tag_dict: dict[str, Any] | None) -> list[dict[str, Any]]: """ Transforms the SAM defined Tags into the form CloudFormation is expecting. @@ -23,7 +23,7 @@ def get_tag_list(resource_tag_dict: Optional[Dict[str, Any]]) -> List[Dict[str, ``` :param resource_tag_dict: Customer defined dictionary (SAM Example from above) - :return: List of Tag Dictionaries (CloudFormation Equivalent from above) + :return: list of Tag Dictionaries (CloudFormation Equivalent from above) """ tag_list = [] # type: ignore[var-annotated] if resource_tag_dict is None: diff --git a/samtranslator/model/types.py b/samtranslator/model/types.py index 522def9a59..1f015ab9e4 100644 --- a/samtranslator/model/types.py +++ b/samtranslator/model/types.py @@ -9,7 +9,8 @@ either a string or a list of strings, but do not validate whether the string(s) are valid IAM policy ARNs. """ -from typing import Any, Callable, List, Type, Union +from collections.abc import Callable +from typing import Any, Union import samtranslator.model.exceptions from samtranslator.internal.deprecation_control import deprecated @@ -23,7 +24,7 @@ Validator = Callable[..., bool] -def is_type(valid_type: Type[Any]) -> Validator: +def is_type(valid_type: type[Any]) -> Validator: """Returns a validator function that succeeds only for inputs of the provided valid_type. :param type valid_type: the type that should be considered valid for the validator @@ -48,7 +49,7 @@ def validate(value: Any, should_raise: bool = True) -> bool: IS_INT = is_type(int) -def list_of(validate_item: Union[Type[Any], Validator]) -> Validator: +def list_of(validate_item: Union[type[Any], Validator]) -> Validator: """Returns a validator function that succeeds only if the input is a list, and each item in the list passes as input to the provided validator validate_item. @@ -138,7 +139,7 @@ def validate(value: Any, should_raise: bool = False) -> bool: return validate -def IS_STR_ENUM(valid_values: List[str]) -> Validator: +def IS_STR_ENUM(valid_values: list[str]) -> Validator: """Returns a validator function that succeeds only if the input is a string matching one of the valid enum values. :param list valid_values: the valid string values for the enum diff --git a/samtranslator/model/update_policy.py b/samtranslator/model/update_policy.py index de97c3cd2b..2ae1b88670 100644 --- a/samtranslator/model/update_policy.py +++ b/samtranslator/model/update_policy.py @@ -1,5 +1,5 @@ from collections import namedtuple -from typing import Any, Dict +from typing import Any from samtranslator.model.intrinsics import ref @@ -22,7 +22,7 @@ class UpdatePolicy(CodeDeployLambdaAliasUpdate): - def to_dict(self) -> Dict[str, Dict[str, Any]]: + def to_dict(self) -> dict[str, dict[str, Any]]: """ :return: a dict that can be used as part of a cloudformation template """ diff --git a/samtranslator/open_api/base_editor.py b/samtranslator/open_api/base_editor.py index e5a9ef26ef..760a95d290 100644 --- a/samtranslator/open_api/base_editor.py +++ b/samtranslator/open_api/base_editor.py @@ -1,7 +1,8 @@ """Base class for OpenApiEditor and SwaggerEditor.""" import re -from typing import Any, Dict, Iterator, List, Optional, Union +from collections.abc import Iterator +from typing import Any, Union from samtranslator.model.apigateway import ApiGatewayAuthorizer from samtranslator.model.apigatewayv2 import ApiGatewayV2Authorizer @@ -21,11 +22,11 @@ class BaseEditor: _OPENAPI_VERSION_3_REGEX = r"\A3(\.\d)(\.\d)?$" # attributes: - _doc: Dict[str, Any] - paths: Dict[str, Any] + _doc: dict[str, Any] + paths: dict[str, Any] @staticmethod - def get_conditional_contents(item: Any) -> List[Any]: + def get_conditional_contents(item: Any) -> list[Any]: """ Returns the contents of the given item. If a conditional block has been used inside the item, returns a list of the content @@ -47,7 +48,7 @@ def get_conditional_contents(item: Any) -> List[Any]: return contents @staticmethod - def method_definition_has_integration(method_definition: Dict[str, Any]) -> bool: + def method_definition_has_integration(method_definition: dict[str, Any]) -> bool: """ Checks a method definition to make sure it has an apigw integration @@ -56,7 +57,7 @@ def method_definition_has_integration(method_definition: Dict[str, Any]) -> bool """ return bool(method_definition.get(BaseEditor._X_APIGW_INTEGRATION)) - def method_has_integration(self, raw_method_definition: Dict[str, Any], path: str, method: str) -> bool: + def method_has_integration(self, raw_method_definition: dict[str, Any], path: str, method: str) -> bool: """ Returns true if the given method contains a valid method definition. This uses the get_conditional_contents function to handle conditionals. @@ -110,7 +111,7 @@ def _normalize_method_name(method: Any) -> Any: return BaseEditor._X_ANY_METHOD return method - def has_path(self, path: str, method: Optional[str] = None) -> bool: + def has_path(self, path: str, method: str | None = None) -> bool: """ Returns True if this Swagger has the given path and optional method For paths with conditionals, only returns true if both items (true case, and false case) have the method. @@ -153,7 +154,7 @@ def has_integration(self, path: str, method: str) -> bool: # Integration present and non-empty return True - def add_path(self, path: str, method: Optional[str] = None) -> None: + def add_path(self, path: str, method: str | None = None) -> None: """ Adds the path/method combination to the Swagger, if not already present @@ -174,7 +175,7 @@ def add_path(self, path: str, method: Optional[str] = None) -> None: for path_item in self.get_conditional_contents(path_dict): path_item.setdefault(method, Py27Dict()) - def add_timeout_to_method(self, api: Dict[str, Any], path: str, method_name: str, timeout: int) -> None: + def add_timeout_to_method(self, api: dict[str, Any], path: str, method_name: str, timeout: int) -> None: """ Adds a timeout to the path/method. @@ -189,7 +190,7 @@ def add_timeout_to_method(self, api: Dict[str, Any], path: str, method_name: str @staticmethod def _get_authorization_scopes( - authorizers: Union[Dict[str, ApiGatewayAuthorizer], Dict[str, ApiGatewayV2Authorizer]], default_authorizer: str + authorizers: Union[dict[str, ApiGatewayAuthorizer], dict[str, ApiGatewayV2Authorizer]], default_authorizer: str ) -> Any: """ Returns auth scopes for an authorizer if present @@ -203,7 +204,7 @@ def _get_authorization_scopes( def iter_on_method_definitions_for_path_at_method( self, path_name: str, method_name: str, skip_methods_without_apigw_integration: bool = True - ) -> Iterator[Dict[str, Any]]: + ) -> Iterator[dict[str, Any]]: """ Yields all the method definitions for the path+method combinations if path and/or method have IF conditionals. If there are no conditionals, will just yield the single method definition at the given path and method name. @@ -251,7 +252,7 @@ def validate_path_item_is_dict(path_item: Any, path: str) -> None: ) @staticmethod - def validate_method_definition_is_dict(method_definition: Optional[Any], path: str, method: str) -> None: + def validate_method_definition_is_dict(method_definition: Any | None, path: str, method: str) -> None: BaseEditor.validate_is_dict( method_definition, f"Definition of method '{method}' for path '{path}' should be a map." ) diff --git a/samtranslator/open_api/open_api.py b/samtranslator/open_api/open_api.py index 8ced511649..5fd785c02c 100644 --- a/samtranslator/open_api/open_api.py +++ b/samtranslator/open_api/open_api.py @@ -1,7 +1,8 @@ import copy import json import re -from typing import Any, Callable, Dict, Optional, TypeVar +from collections.abc import Callable +from typing import Any, TypeVar from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model.apigatewayv2 import ApiGatewayV2Authorizer @@ -40,9 +41,9 @@ class OpenApiEditor(BaseEditor): _DEFAULT_OPENAPI_TITLE = ref("AWS::StackName") # Attributes: - _doc: Dict[str, Any] + _doc: dict[str, Any] - def __init__(self, doc: Optional[Dict[str, Any]]) -> None: + def __init__(self, doc: dict[str, Any] | None) -> None: """ Initialize the class with a swagger dictionary. This class creates a copy of the Swagger and performs all modifications on this copy. @@ -234,7 +235,7 @@ def add_payload_format_version_to_method(self, api, path, method_name, payload_f for method_definition in self.iter_on_method_definitions_for_path_at_method(path, method_name): method_definition[self._X_APIGW_INTEGRATION]["payloadFormatVersion"] = payload_format_version - def add_authorizers_security_definitions(self, authorizers: Dict[str, ApiGatewayV2Authorizer]) -> None: + def add_authorizers_security_definitions(self, authorizers: dict[str, ApiGatewayV2Authorizer]) -> None: """ Add Authorizer definitions to the securityDefinitions part of Swagger. @@ -249,7 +250,7 @@ def set_path_default_authorizer( self, path: str, default_authorizer: str, - authorizers: Dict[str, ApiGatewayV2Authorizer], + authorizers: dict[str, ApiGatewayV2Authorizer], ) -> None: """ Adds the default_authorizer to the security block for each method on this path unless an Authorizer @@ -260,7 +261,7 @@ def set_path_default_authorizer( :param string path: Path name :param string default_authorizer: Name of the authorizer to use as the default. Must be a key in the authorizers param. - :param dict authorizers: Dict of Authorizer configurations defined on the related Api. + :param dict authorizers: dict of Authorizer configurations defined on the related Api. """ for path_item in self.get_conditional_contents(self.paths.get(path)): BaseEditor.validate_path_item_is_dict(path_item, path) @@ -361,7 +362,7 @@ def _set_method_authorizer(self, path, method_name, authorizer_name, authorizers if security: method_definition["security"] = security - def add_tags(self, tags: Dict[str, Intrinsicable[str]]) -> None: + def add_tags(self, tags: dict[str, Intrinsicable[str]]) -> None: """ Adds tags to the OpenApi definition using an ApiGateway extension for tag values. @@ -389,7 +390,7 @@ def add_tags(self, tags: Dict[str, Intrinsicable[str]]) -> None: tag[self._X_APIGW_TAG_VALUE] = value self.tags.append(tag) - def add_endpoint_config(self, disable_execute_api_endpoint: Optional[Intrinsicable[bool]]) -> None: + def add_endpoint_config(self, disable_execute_api_endpoint: Intrinsicable[bool] | None) -> None: """Add endpoint configuration to _X_APIGW_ENDPOINT_CONFIG header in open api definition Following this guide: @@ -418,7 +419,7 @@ def add_endpoint_config(self, disable_execute_api_endpoint: Optional[Intrinsicab self._doc[self._SERVERS] = servers_configurations - def add_cors( # type: ignore[no-untyped-def] # noqa: PLR0913 + def add_cors( # type: ignore[no-untyped-def] self, allow_origins, allow_headers=None, @@ -508,12 +509,10 @@ def add_title(self, title: Intrinsicable[str]) -> None: self.info["title"] = title def has_api_gateway_cors(self) -> bool: - if self._doc.get(self._X_APIGW_CORS): - return True - return False + return bool(self._doc.get(self._X_APIGW_CORS)) @property - def openapi(self) -> Dict[str, Any]: + def openapi(self) -> dict[str, Any]: """ Returns a **copy** of the OpenApi specification as a dictionary. diff --git a/samtranslator/parser/parser.py b/samtranslator/parser/parser.py index 243cedefe6..a032dd45bb 100644 --- a/samtranslator/parser/parser.py +++ b/samtranslator/parser/parser.py @@ -1,5 +1,5 @@ import logging -from typing import Any, Dict +from typing import Any from samtranslator.model.exceptions import ( InvalidDocumentException, @@ -18,7 +18,7 @@ class Parser: def __init__(self) -> None: pass - def parse(self, sam_template: Dict[str, Any], parameter_values: Dict[str, Any], sam_plugins: SamPlugins) -> None: + def parse(self, sam_template: dict[str, Any], parameter_values: dict[str, Any], sam_plugins: SamPlugins) -> None: self._validate(sam_template, parameter_values) # type: ignore[no-untyped-call] sam_plugins.act(LifeCycleEvents.before_transform_template, sam_template) diff --git a/samtranslator/plugins/__init__.py b/samtranslator/plugins/__init__.py index b211c36279..0b71b82f22 100644 --- a/samtranslator/plugins/__init__.py +++ b/samtranslator/plugins/__init__.py @@ -1,7 +1,6 @@ import logging from abc import ABC from enum import Enum -from typing import Optional LOG = logging.getLogger(__name__) @@ -21,9 +20,9 @@ class BasePlugin(ABC): Base class for a NoOp plugin that implements all available hooks """ - _custom_name: Optional[str] + _custom_name: str | None - def __init__(self, name: Optional[str] = None) -> None: + def __init__(self, name: str | None = None) -> None: """ Initialize the plugin with optional given name. diff --git a/samtranslator/plugins/api/implicit_api_plugin.py b/samtranslator/plugins/api/implicit_api_plugin.py index bd6e7e64cc..a878f0ba77 100644 --- a/samtranslator/plugins/api/implicit_api_plugin.py +++ b/samtranslator/plugins/api/implicit_api_plugin.py @@ -1,6 +1,6 @@ import copy from abc import ABCMeta, abstractmethod -from typing import Any, Dict, Generic, Optional, Tuple, Type, TypeVar, Union +from typing import Any, Generic, TypeVar, Union from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model.eventsources.push import Api @@ -14,7 +14,7 @@ from samtranslator.utils.py27hash_fix import Py27Dict from samtranslator.validator.value_validator import sam_expect -T = TypeVar("T", bound=Union[Type[OpenApiEditor], Type[SwaggerEditor]]) +T = TypeVar("T", bound=Union[type[OpenApiEditor], type[SwaggerEditor]]) class ImplicitApiPlugin(BasePlugin, Generic[T], metaclass=ABCMeta): @@ -54,22 +54,22 @@ def __init__(self) -> None: """ super().__init__() - self.existing_implicit_api_resource: Optional[SamResource] = None + self.existing_implicit_api_resource: SamResource | None = None # dict containing condition (or None) for each resource path+method for all APIs. dict format: # {api_id: {path: {method: condition_name_or_None}}} - self.api_conditions: Dict[str, Any] = {} - self.api_deletion_policies: Dict[str, Any] = {} - self.api_update_replace_policies: Dict[str, Any] = {} + self.api_conditions: dict[str, Any] = {} + self.api_deletion_policies: dict[str, Any] = {} + self.api_update_replace_policies: dict[str, Any] = {} @abstractmethod - def _process_api_events( # noqa: PLR0913 + def _process_api_events( self, function: SamResource, - api_events: Dict[str, Dict[str, Any]], + api_events: dict[str, dict[str, Any]], template: SamTemplate, - condition: Optional[str] = None, - deletion_policy: Optional[str] = None, - update_replace_policy: Optional[str] = None, + condition: str | None = None, + deletion_policy: str | None = None, + update_replace_policy: str | None = None, ) -> None: """ Actually process given API events. Iteratively adds the APIs to Swagger JSON in the respective Serverless::Api @@ -88,13 +88,13 @@ def _get_api_definition_from_editor(self, editor): # type: ignore[no-untyped-de """ @abstractmethod - def _generate_implicit_api_resource(self) -> Dict[str, Any]: + def _generate_implicit_api_resource(self) -> dict[str, Any]: """ Helper function implemented by child classes that create a new implicit API resource """ def _add_tags_to_implicit_api_if_necessary( - self, event_properties: Dict[str, Any], resource: SamResource, template: SamTemplate + self, event_properties: dict[str, Any], resource: SamResource, template: SamTemplate ) -> None: """ Decides whether to add tags to the implicit api resource. @@ -224,9 +224,8 @@ def _add_api_to_swagger(self, event_id, event_properties, template): # type: ig # can be found https://github.com/aws/serverless-application-model/blob/develop/tests/translator/output/api_with_any_method_in_swagger.json. # One would argue that, this is unexpected and should actually fail. Instead of suddenly breaking customers in this # position, we added a check to make sure the Plugin run (Http or Rest) is referencing an api of the same type. - is_referencing_http_from_api_event = ( - not template.get(api_id) - or template.get(api_id).type == "AWS::Serverless::HttpApi" + is_referencing_http_from_api_event = not template.get(api_id) or ( + template.get(api_id).type == "AWS::Serverless::HttpApi" and template.get(api_id).type != self.SERVERLESS_API_RESOURCE_TYPE ) @@ -269,7 +268,7 @@ def _add_api_to_swagger(self, event_id, event_properties, template): # type: ig resource.properties["DefinitionBody"] = self._get_api_definition_from_editor(editor) # type: ignore[no-untyped-call] template.set(api_id, resource) - def _get_api_id(self, event_properties: Dict[str, Any]) -> Any: + def _get_api_id(self, event_properties: dict[str, Any]) -> Any: """ Get API logical id from API event properties. @@ -467,7 +466,7 @@ def _maybe_remove_implicit_api(self, template): # type: ignore[no-untyped-def] else: template.delete(self.IMPLICIT_API_LOGICAL_ID) - def _validate_api_event(self, event_id: str, event_properties: Dict[str, Any]) -> Tuple[str, str, str]: + def _validate_api_event(self, event_id: str, event_properties: dict[str, Any]) -> tuple[str, str, str]: """Validate and return api_id, path, method.""" api_id = self._get_api_id(event_properties) path = event_properties.get("Path") @@ -483,14 +482,14 @@ def _validate_api_event(self, event_id: str, event_properties: Dict[str, Any]) - sam_expect(method, event_id, "Method", is_sam_event=True).to_be_a_string(), ) - def _update_resource_attributes_from_api_event( # noqa: PLR0913 + def _update_resource_attributes_from_api_event( self, api_id: str, path: str, method: str, - condition: Optional[str], - deletion_policy: Optional[str], - update_replace_policy: Optional[str], + condition: str | None, + deletion_policy: str | None, + update_replace_policy: str | None, ) -> None: api_dict_condition = self.api_conditions.setdefault(api_id, {}) method_conditions = api_dict_condition.setdefault(path, {}) diff --git a/samtranslator/plugins/api/implicit_http_api_plugin.py b/samtranslator/plugins/api/implicit_http_api_plugin.py index 292ded99be..9f3a6d3821 100644 --- a/samtranslator/plugins/api/implicit_http_api_plugin.py +++ b/samtranslator/plugins/api/implicit_http_api_plugin.py @@ -1,4 +1,4 @@ -from typing import Any, Dict, Optional, Type, cast +from typing import Any, cast from samtranslator.model.intrinsics import make_conditional from samtranslator.plugins.api.implicit_api_plugin import ImplicitApiPlugin @@ -8,7 +8,7 @@ from samtranslator.validator.value_validator import sam_expect -class ImplicitHttpApiPlugin(ImplicitApiPlugin[Type[OpenApiEditor]]): +class ImplicitHttpApiPlugin(ImplicitApiPlugin[type[OpenApiEditor]]): """ This plugin provides Implicit Http API shorthand syntax in the SAM Spec. @@ -33,14 +33,14 @@ class ImplicitHttpApiPlugin(ImplicitApiPlugin[Type[OpenApiEditor]]): SERVERLESS_API_RESOURCE_TYPE = SamResourceType.HttpApi.value EDITOR_CLASS = OpenApiEditor - def _process_api_events( # noqa: PLR0913 + def _process_api_events( self, function: SamResource, - api_events: Dict[str, Dict[str, Any]], + api_events: dict[str, dict[str, Any]], template: SamTemplate, - condition: Optional[str] = None, - deletion_policy: Optional[str] = None, - update_replace_policy: Optional[str] = None, + condition: str | None = None, + deletion_policy: str | None = None, + update_replace_policy: str | None = None, ) -> None: """ Actually process given HTTP API events. Iteratively adds the APIs to OpenApi JSON in the respective @@ -86,20 +86,20 @@ def _process_api_events( # noqa: PLR0913 # We could have made changes to the Events structure. Write it back to function function.properties["Events"].update(api_events) - def _generate_implicit_api_resource(self) -> Dict[str, Any]: + def _generate_implicit_api_resource(self) -> dict[str, Any]: """ Uses the implicit API in this file to generate an Implicit API resource """ return ImplicitHttpApiResource().to_dict() - def _get_api_definition_from_editor(self, editor: OpenApiEditor) -> Dict[str, Any]: + def _get_api_definition_from_editor(self, editor: OpenApiEditor) -> dict[str, Any]: """ Helper function to return the OAS definition from the editor """ return editor.openapi def _add_route_settings_to_api( - self, event_id: str, event_properties: Dict[str, Any], template: SamTemplate, condition: Optional[str] + self, event_id: str, event_properties: dict[str, Any], template: SamTemplate, condition: str | None ) -> None: """ Adds the RouteSettings for this path/method from the given event to the RouteSettings configuration diff --git a/samtranslator/plugins/api/implicit_rest_api_plugin.py b/samtranslator/plugins/api/implicit_rest_api_plugin.py index aae5e0e5b5..97c5372f00 100644 --- a/samtranslator/plugins/api/implicit_rest_api_plugin.py +++ b/samtranslator/plugins/api/implicit_rest_api_plugin.py @@ -1,4 +1,4 @@ -from typing import Any, Dict, Optional, Type +from typing import Any from samtranslator.plugins.api.implicit_api_plugin import ImplicitApiPlugin from samtranslator.public.sdk.resource import SamResource, SamResourceType @@ -7,7 +7,7 @@ from samtranslator.validator.value_validator import sam_expect -class ImplicitRestApiPlugin(ImplicitApiPlugin[Type[SwaggerEditor]]): +class ImplicitRestApiPlugin(ImplicitApiPlugin[type[SwaggerEditor]]): """ This plugin provides Implicit API shorthand syntax in the SAM Spec. https://github.com/aws/serverless-application-model/blob/master/versions/2016-10-31.md#api @@ -35,14 +35,14 @@ class ImplicitRestApiPlugin(ImplicitApiPlugin[Type[SwaggerEditor]]): SERVERLESS_API_RESOURCE_TYPE = SamResourceType.Api.value EDITOR_CLASS = SwaggerEditor - def _process_api_events( # noqa: PLR0913 + def _process_api_events( self, function: SamResource, - api_events: Dict[str, Dict[str, Any]], + api_events: dict[str, dict[str, Any]], template: SamTemplate, - condition: Optional[str] = None, - deletion_policy: Optional[str] = None, - update_replace_policy: Optional[str] = None, + condition: str | None = None, + deletion_policy: str | None = None, + update_replace_policy: str | None = None, ) -> None: """ Actually process given API events. Iteratively adds the APIs to Swagger JSON in the respective Serverless::Api @@ -77,13 +77,13 @@ def _process_api_events( # noqa: PLR0913 # We could have made changes to the Events structure. Write it back to function function.properties["Events"].update(api_events) - def _generate_implicit_api_resource(self) -> Dict[str, Any]: + def _generate_implicit_api_resource(self) -> dict[str, Any]: """ Uses the implicit API in this file to generate an Implicit API resource """ return ImplicitApiResource().to_dict() - def _get_api_definition_from_editor(self, editor: SwaggerEditor) -> Dict[str, Any]: + def _get_api_definition_from_editor(self, editor: SwaggerEditor) -> dict[str, Any]: """ Helper function to return the OAS definition from the editor """ diff --git a/samtranslator/plugins/application/serverless_app_plugin.py b/samtranslator/plugins/application/serverless_app_plugin.py index 02d70d9f71..fecbb5f39f 100644 --- a/samtranslator/plugins/application/serverless_app_plugin.py +++ b/samtranslator/plugins/application/serverless_app_plugin.py @@ -2,8 +2,9 @@ import json import logging import re +from collections.abc import Callable from time import sleep -from typing import Any, Callable, Dict, List, Optional, Tuple +from typing import Any import boto3 from botocore.client import BaseClient @@ -54,11 +55,11 @@ class ServerlessAppPlugin(BasePlugin): def __init__( self, - sar_client: Optional[BaseClient] = None, + sar_client: BaseClient | None = None, wait_for_template_active_status: bool = False, validate_only: bool = False, - parameters: Optional[Dict[str, Any]] = None, - sar_client_creator: Optional[Callable[[], BaseClient]] = None, + parameters: dict[str, Any] | None = None, + sar_client_creator: Callable[[], BaseClient] | None = None, ) -> None: """ Initialize the plugin. @@ -73,8 +74,8 @@ def __init__( super().__init__() if parameters is None: parameters = {} - self._applications: Dict[Tuple[str, str], Any] = {} - self._in_progress_templates: List[Tuple[str, str]] = [] + self._applications: dict[tuple[str, str], Any] = {} + self._in_progress_templates: list[tuple[str, str]] = [] self.__sar_client = sar_client self._sar_client_creator = sar_client_creator self._wait_for_template_active_status = wait_for_template_active_status @@ -100,7 +101,7 @@ def _sar_client(self) -> BaseClient: return self.__sar_client @staticmethod - def _make_app_key(app_id: Any, semver: Any) -> Tuple[str, str]: + def _make_app_key(app_id: Any, semver: Any) -> tuple[str, str]: """Generate a key that is always hashable.""" return json.dumps(app_id, default=str), json.dumps(semver, default=str) @@ -399,7 +400,7 @@ def on_after_transform_template(self, template): # type: ignore[no-untyped-def] def _get_sleep_time_sec(self) -> int: return self.SLEEP_TIME_SECONDS - def _is_template_active(self, response: Dict[str, Any], application_id: str, template_id: str) -> bool: + def _is_template_active(self, response: dict[str, Any], application_id: str, template_id: str) -> bool: """ Checks the response from a SAR service call; returns True if the template is active, throws an exception if the request expired and returns False in all other cases. diff --git a/samtranslator/plugins/globals/globals.py b/samtranslator/plugins/globals/globals.py index cfe558c490..83940b03e4 100644 --- a/samtranslator/plugins/globals/globals.py +++ b/samtranslator/plugins/globals/globals.py @@ -1,5 +1,5 @@ import copy -from typing import Any, Dict, List, Optional, Union +from typing import Any, Union from samtranslator.model.exceptions import ExceptionWithMessage, InvalidResourceAttributeTypeException from samtranslator.public.intrinsics import is_intrinsics @@ -89,6 +89,7 @@ class Globals: "AlwaysDeploy", "PropagateTags", "SecurityPolicy", + "EndpointAccessMode", ], SamResourceType.HttpApi.value: [ "Auth", @@ -131,13 +132,13 @@ class Globals: ], } # unreleased_properties *must be* part of supported_properties too - unreleased_properties: Dict[str, List[str]] = { + unreleased_properties: dict[str, list[str]] = { SamResourceType.Function.value: [], } - unreleased_resource_types: List[str] = [SamResourceType.WebSocketApi.value] + unreleased_resource_types: list[str] = [] - def __init__(self, template: Dict[str, Any]) -> None: + def __init__(self, template: dict[str, Any]) -> None: """ Constructs an instance of this object @@ -151,13 +152,13 @@ def __init__(self, template: Dict[str, Any]) -> None: # Sort the names for stability in list ordering self.supported_resource_section_names.sort() - self.template_globals: Dict[str, GlobalProperties] = {} + self.template_globals: dict[str, GlobalProperties] = {} if self._KEYWORD in template: self.template_globals = self._parse(template[self._KEYWORD]) # type: ignore[no-untyped-call] def get_template_globals( - self, logical_id: str, resource_type: str, ignore_globals: Optional[Union[str, List[str]]] + self, logical_id: str, resource_type: str, ignore_globals: Union[str, list[str]] | None ) -> "GlobalProperties": """ Get template globals but remove globals based on IgnoreGlobals attribute. @@ -198,9 +199,9 @@ def get_template_globals( def merge( self, resource_type: str, - resource_properties: Dict[str, Any], + resource_properties: dict[str, Any], logical_id: str = "", - ignore_globals: Optional[Union[str, List[str]]] = None, + ignore_globals: Union[str, list[str]] | None = None, ) -> Any: """ Adds global properties to the resource, if necessary. This method is a no-op if there are no global properties @@ -220,7 +221,7 @@ def merge( return global_props.merge(resource_properties) # type: ignore[no-untyped-call] @classmethod - def del_section(cls, template: Dict[str, Any]) -> None: + def del_section(cls, template: dict[str, Any]) -> None: """ Helper method to delete the Globals section altogether from the template @@ -232,7 +233,7 @@ def del_section(cls, template: Dict[str, Any]) -> None: del template[cls._KEYWORD] @classmethod - def fix_openapi_definitions(cls, template: Dict[str, Any]) -> None: + def fix_openapi_definitions(cls, template: dict[str, Any]) -> None: """ Helper method to postprocess the resources to make sure the swagger doc version matches the one specified on the resource with flag OpenApiVersion. @@ -475,7 +476,7 @@ def _do_merge(self, global_value, local_value): # type: ignore[no-untyped-def] def _merge_lists(self, global_list, local_list): # type: ignore[no-untyped-def] """ - Merges the global list with the local list. List merging is simply a concatenation = global + local + Merges the global list with the local list. list merging is simply a concatenation = global + local :param global_list: Global value list :param local_list: Local value list diff --git a/samtranslator/plugins/globals/globals_plugin.py b/samtranslator/plugins/globals/globals_plugin.py index bb1c1028ee..b46c4c9762 100644 --- a/samtranslator/plugins/globals/globals_plugin.py +++ b/samtranslator/plugins/globals/globals_plugin.py @@ -1,4 +1,4 @@ -from typing import Any, Dict +from typing import Any from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model.exceptions import InvalidResourceAttributeTypeException @@ -16,7 +16,7 @@ class GlobalsPlugin(BasePlugin): """ @cw_timer(prefix="Plugin-Globals") - def on_before_transform_template(self, template_dict: Dict[str, Any]) -> None: + def on_before_transform_template(self, template_dict: dict[str, Any]) -> None: """ Hook method that runs before a template gets transformed. In this method, we parse and process Globals section from the template (if present). diff --git a/samtranslator/plugins/sam_plugins.py b/samtranslator/plugins/sam_plugins.py index 54298fab1e..914ba5e572 100644 --- a/samtranslator/plugins/sam_plugins.py +++ b/samtranslator/plugins/sam_plugins.py @@ -1,5 +1,5 @@ import logging -from typing import Any, List, Optional, Union +from typing import Any, Union from samtranslator.model.exceptions import InvalidDocumentException, InvalidResourceException, InvalidTemplateException from samtranslator.plugins import BasePlugin, LifeCycleEvents @@ -47,13 +47,13 @@ class SamPlugins: set by the plugin. SAM translator will convert this into a nice error message and display to the user. """ - def __init__(self, initial_plugins: Optional[Union[BasePlugin, List[BasePlugin]]] = None) -> None: + def __init__(self, initial_plugins: Union[BasePlugin, list[BasePlugin]] | None = None) -> None: """ Initialize the plugins class with an optional list of plugins - :param BasePlugin or list initial_plugins: Single plugin or a List of plugins to initialize with + :param BasePlugin or list initial_plugins: Single plugin or a list of plugins to initialize with """ - self._plugins: List[BasePlugin] = [] + self._plugins: list[BasePlugin] = [] if initial_plugins is None: initial_plugins = [] diff --git a/samtranslator/policy_template_processor/processor.py b/samtranslator/policy_template_processor/processor.py index a749a552a2..e894249947 100644 --- a/samtranslator/policy_template_processor/processor.py +++ b/samtranslator/policy_template_processor/processor.py @@ -1,6 +1,6 @@ import json from pathlib import Path -from typing import Any, Dict, Optional +from typing import Any import jsonschema from jsonschema.exceptions import ValidationError @@ -51,7 +51,7 @@ class PolicyTemplatesProcessor: # ./policy_templates.json DEFAULT_POLICY_TEMPLATES_FILE = policy_templates_data.POLICY_TEMPLATES_FILE - def __init__(self, policy_templates_dict: Dict[str, Any], schema: Optional[Dict[str, Any]] = None) -> None: + def __init__(self, policy_templates_dict: dict[str, Any], schema: dict[str, Any] | None = None) -> None: """ Initialize the class @@ -103,9 +103,7 @@ def convert(self, template_name: str, parameter_values: str) -> Any: return template.to_statement(parameter_values) @staticmethod - def _is_valid_templates_dict( - policy_templates_dict: Dict[Any, Any], schema: Optional[Dict[Any, Any]] = None - ) -> bool: + def _is_valid_templates_dict(policy_templates_dict: dict[Any, Any], schema: dict[Any, Any] | None = None) -> bool: """ Is this a valid policy template dictionary diff --git a/samtranslator/public/exceptions.py b/samtranslator/public/exceptions.py index 54a870b1d2..7371822f2b 100644 --- a/samtranslator/public/exceptions.py +++ b/samtranslator/public/exceptions.py @@ -1,3 +1,3 @@ -__all__ = ["InvalidResourceException", "InvalidDocumentException", "InvalidEventException"] +__all__ = ["InvalidDocumentException", "InvalidEventException", "InvalidResourceException"] from samtranslator.model.exceptions import InvalidDocumentException, InvalidEventException, InvalidResourceException diff --git a/samtranslator/public/models.py b/samtranslator/public/models.py index 7553aa01e3..6eddf067bf 100644 --- a/samtranslator/public/models.py +++ b/samtranslator/public/models.py @@ -1,5 +1,3 @@ -from typing import List - from samtranslator.model.resource_policies import PolicyTypes, ResourcePolicies -__all__: List[str] = ["PolicyTypes", "ResourcePolicies"] +__all__: list[str] = ["PolicyTypes", "ResourcePolicies"] diff --git a/samtranslator/public/parser.py b/samtranslator/public/parser.py index dbb8c10043..96f3ffdad5 100644 --- a/samtranslator/public/parser.py +++ b/samtranslator/public/parser.py @@ -1,5 +1,3 @@ -from typing import List - from samtranslator.parser.parser import Parser -__all__: List[str] = ["Parser"] +__all__: list[str] = ["Parser"] diff --git a/samtranslator/public/sdk/parameter.py b/samtranslator/public/sdk/parameter.py index 8f397a222e..49a89da8ce 100644 --- a/samtranslator/public/sdk/parameter.py +++ b/samtranslator/public/sdk/parameter.py @@ -1,5 +1,3 @@ -from typing import List - from samtranslator.sdk.parameter import SamParameterValues -__all__: List[str] = ["SamParameterValues"] +__all__: list[str] = ["SamParameterValues"] diff --git a/samtranslator/public/translator.py b/samtranslator/public/translator.py index 1e98511982..775ea9dbeb 100644 --- a/samtranslator/public/translator.py +++ b/samtranslator/public/translator.py @@ -2,7 +2,7 @@ # This is essentially our Public API # -__all__ = ["Translator", "ManagedPolicyLoader"] +__all__ = ["ManagedPolicyLoader", "Translator"] from samtranslator.translator.managed_policy_translator import ManagedPolicyLoader from samtranslator.translator.translator import Translator diff --git a/samtranslator/region_configuration.py b/samtranslator/region_configuration.py index 333ca3864f..45b3675348 100644 --- a/samtranslator/region_configuration.py +++ b/samtranslator/region_configuration.py @@ -18,9 +18,7 @@ def is_apigw_edge_configuration_supported(cls) -> bool: :return: True, if API Gateway does not support Edge configuration """ partition = ArnGenerator.get_partition_name() - if partition.startswith("aws-iso") or partition in ["aws-us-gov", "aws-cn", "aws-eusc"]: - return False - return True + return not (partition.startswith("aws-iso") or partition in ["aws-us-gov", "aws-cn", "aws-eusc"]) @classmethod def is_service_supported(cls, service, region=None): # type: ignore[no-untyped-def] diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index 4bfcd93b64..182f52e750 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -2869,6 +2869,12 @@ "markdownDescription": "A parallel configuration execution block.", "title": "ParallelConfig" }, + "RdsCreateCrossRegionReadReplicaConfig": { + "$ref": "#/definitions/AWS::ARCRegionSwitch::Plan.RdsCreateCrossRegionReplicaConfiguration" + }, + "RdsPromoteReadReplicaConfig": { + "$ref": "#/definitions/AWS::ARCRegionSwitch::Plan.RdsPromoteReadReplicaConfiguration" + }, "RegionSwitchPlanConfig": { "$ref": "#/definitions/AWS::ARCRegionSwitch::Plan.RegionSwitchPlanConfiguration", "markdownDescription": "A Region switch plan execution block.", @@ -3011,6 +3017,60 @@ ], "type": "object" }, + "AWS::ARCRegionSwitch::Plan.RdsCreateCrossRegionReplicaConfiguration": { + "additionalProperties": false, + "properties": { + "CrossAccountRole": { + "type": "string" + }, + "DbInstanceArnMap": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "ExternalId": { + "type": "string" + }, + "TimeoutMinutes": { + "type": "number" + } + }, + "required": [ + "DbInstanceArnMap" + ], + "type": "object" + }, + "AWS::ARCRegionSwitch::Plan.RdsPromoteReadReplicaConfiguration": { + "additionalProperties": false, + "properties": { + "CrossAccountRole": { + "type": "string" + }, + "DbInstanceArnMap": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "ExternalId": { + "type": "string" + }, + "TimeoutMinutes": { + "type": "number" + } + }, + "required": [ + "DbInstanceArnMap" + ], + "type": "object" + }, "AWS::ARCRegionSwitch::Plan.RegionSwitchPlanConfiguration": { "additionalProperties": false, "properties": { @@ -11170,11 +11230,6 @@ "markdownDescription": "Settings for logging access in this stage.", "title": "AccessLogSettings" }, - "AccessPolicyId": { - "markdownDescription": "This parameter is not currently supported.", - "title": "AccessPolicyId", - "type": "string" - }, "ApiId": { "markdownDescription": "The API identifier.", "title": "ApiId", @@ -15124,6 +15179,9 @@ "markdownDescription": "The configuration for where the application should be loaded from.", "title": "ApplicationSourceConfig" }, + "ApplicationType": { + "type": "string" + }, "Description": { "markdownDescription": "The description of the application.", "title": "Description", @@ -15173,7 +15231,6 @@ }, "required": [ "ApplicationSourceConfig", - "Description", "Name", "Namespace" ], @@ -20622,6 +20679,9 @@ "title": "Description", "type": "string" }, + "DisableIMDSV1": { + "type": "boolean" + }, "DisconnectTimeoutInSeconds": { "markdownDescription": "The amount of time that a streaming session remains active after users disconnect. If users try to reconnect to the streaming session after a disconnection or network interruption within this time interval, they are connected to their previous session. Otherwise, they are connected to a new session with a new streaming instance.\n\nSpecify a value between 60 and 36000.", "title": "DisconnectTimeoutInSeconds", @@ -20697,6 +20757,9 @@ "title": "Platform", "type": "string" }, + "RootVolumeConfig": { + "$ref": "#/definitions/AWS::AppStream::Fleet.VolumeConfig" + }, "SessionScriptS3Location": { "$ref": "#/definitions/AWS::AppStream::Fleet.S3Location", "markdownDescription": "The S3 location of the session scripts configuration zip file. This only applies to Elastic fleets.", @@ -20808,6 +20871,15 @@ ], "type": "object" }, + "AWS::AppStream::Fleet.VolumeConfig": { + "additionalProperties": false, + "properties": { + "VolumeSizeInGb": { + "type": "number" + } + }, + "type": "object" + }, "AWS::AppStream::Fleet.VpcConfig": { "additionalProperties": false, "properties": { @@ -20923,6 +20995,21 @@ "title": "Name", "type": "string" }, + "RootVolumeConfig": { + "$ref": "#/definitions/AWS::AppStream::ImageBuilder.VolumeConfig" + }, + "SoftwaresToInstall": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SoftwaresToUninstall": { + "items": { + "type": "string" + }, + "type": "array" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -21000,6 +21087,15 @@ }, "type": "object" }, + "AWS::AppStream::ImageBuilder.VolumeConfig": { + "additionalProperties": false, + "properties": { + "VolumeSizeInGb": { + "type": "number" + } + }, + "type": "object" + }, "AWS::AppStream::ImageBuilder.VpcConfig": { "additionalProperties": false, "properties": { @@ -27563,6 +27659,12 @@ "markdownDescription": "The EC2 instance capacity distribution across Availability Zones for the Auto Scaling group.", "title": "AvailabilityZoneDistribution" }, + "AvailabilityZoneIds": { + "items": { + "type": "string" + }, + "type": "array" + }, "AvailabilityZoneImpairmentPolicy": { "$ref": "#/definitions/AWS::AutoScaling::AutoScalingGroup.AvailabilityZoneImpairmentPolicy", "markdownDescription": "The Availability Zone impairment policy for the Auto Scaling group.", @@ -31283,6 +31385,9 @@ "title": "S3Bucket", "type": "string" }, + "S3BucketOwner": { + "type": "string" + }, "S3OutputConfigurations": { "$ref": "#/definitions/AWS::BCMDataExports::Export.S3OutputConfigurations", "markdownDescription": "The output configuration for the data export.", @@ -33149,6 +33254,9 @@ "title": "PlacementGroup", "type": "string" }, + "ScalingPolicy": { + "$ref": "#/definitions/AWS::Batch::ComputeEnvironment.ComputeScalingPolicy" + }, "SecurityGroupIds": { "items": { "type": "string" @@ -33199,9 +33307,21 @@ ], "type": "object" }, + "AWS::Batch::ComputeEnvironment.ComputeScalingPolicy": { + "additionalProperties": false, + "properties": { + "MinScaleDownDelayMinutes": { + "type": "number" + } + }, + "type": "object" + }, "AWS::Batch::ComputeEnvironment.Ec2ConfigurationObject": { "additionalProperties": false, "properties": { + "BatchImageStatus": { + "type": "string" + }, "ImageIdOverride": { "markdownDescription": "The AMI ID used for instances launched in the compute environment that match the image type. This setting overrides the `imageId` set in the `computeResource` object.\n\n> The AMI that you choose for a compute environment must match the architecture of the instance types that you intend to use for that compute environment. For example, if your compute environment uses A1 instance types, the compute resource AMI that you choose must support ARM instances. Amazon ECS vends both x86 and ARM versions of the Amazon ECS-optimized Amazon Linux 2 AMI. For more information, see [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#ecs-optimized-ami-linux-variants.html) in the *Amazon Elastic Container Service Developer Guide* .", "title": "ImageIdOverride", @@ -35299,7 +35419,7 @@ ], "type": "object" }, - "AWS::Batch::SchedulingPolicy": { + "AWS::Batch::QuotaShare": { "additionalProperties": false, "properties": { "Condition": { @@ -35334,33 +35454,49 @@ "Properties": { "additionalProperties": false, "properties": { - "FairsharePolicy": { - "$ref": "#/definitions/AWS::Batch::SchedulingPolicy.FairsharePolicy", - "markdownDescription": "The fair-share scheduling policy details.", - "title": "FairsharePolicy" + "CapacityLimits": { + "items": { + "$ref": "#/definitions/AWS::Batch::QuotaShare.QuotaShareCapacityLimit" + }, + "type": "array" }, - "Name": { - "markdownDescription": "The name of the fair-share scheduling policy. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).", - "title": "Name", + "JobQueue": { + "type": "string" + }, + "PreemptionConfiguration": { + "$ref": "#/definitions/AWS::Batch::QuotaShare.QuotaSharePreemptionConfiguration" + }, + "QuotaShareName": { + "type": "string" + }, + "ResourceSharingConfiguration": { + "$ref": "#/definitions/AWS::Batch::QuotaShare.QuotaShareResourceSharingConfiguration" + }, + "State": { "type": "string" }, "Tags": { "additionalProperties": true, - "markdownDescription": "The tags that you apply to the scheduling policy to help you categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in *AWS General Reference* .\n\nThese tags can be updated or removed using the [TagResource](https://docs.aws.amazon.com/batch/latest/APIReference/API_TagResource.html) and [UntagResource](https://docs.aws.amazon.com/batch/latest/APIReference/API_UntagResource.html) API operations.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" } }, - "title": "Tags", "type": "object" } }, + "required": [ + "CapacityLimits", + "JobQueue", + "PreemptionConfiguration", + "QuotaShareName", + "ResourceSharingConfiguration" + ], "type": "object" }, "Type": { "enum": [ - "AWS::Batch::SchedulingPolicy" + "AWS::Batch::QuotaShare" ], "type": "string" }, @@ -35374,51 +35510,55 @@ } }, "required": [ - "Type" + "Type", + "Properties" ], "type": "object" }, - "AWS::Batch::SchedulingPolicy.FairsharePolicy": { + "AWS::Batch::QuotaShare.QuotaShareCapacityLimit": { "additionalProperties": false, "properties": { - "ComputeReservation": { - "markdownDescription": "A value used to reserve some of the available maximum vCPU for share identifiers that aren't already used.\n\nThe reserved ratio is `( *computeReservation* /100)^ *ActiveFairShares*` where `*ActiveFairShares*` is the number of active share identifiers.\n\nFor example, a `computeReservation` value of 50 indicates that AWS Batch reserves 50% of the maximum available vCPU if there's only one share identifier. It reserves 25% if there are two share identifiers. It reserves 12.5% if there are three share identifiers. A `computeReservation` value of 25 indicates that AWS Batch should reserve 25% of the maximum available vCPU if there's only one share identifier, 6.25% if there are two fair share identifiers, and 1.56% if there are three share identifiers.\n\nThe minimum value is 0 and the maximum value is 99.", - "title": "ComputeReservation", - "type": "number" + "CapacityUnit": { + "type": "string" }, - "ShareDecaySeconds": { - "markdownDescription": "The amount of time (in seconds) to use to calculate a fair-share percentage for each share identifier in use. A value of zero (0) indicates the default minimum time window (600 seconds). The maximum supported value is 604800 (1 week).\n\nThe decay allows for more recently run jobs to have more weight than jobs that ran earlier. Consider adjusting this number if you have jobs that (on average) run longer than ten minutes, or a large difference in job count or job run times between share identifiers, and the allocation of resources doesn't meet your needs.", - "title": "ShareDecaySeconds", + "MaxCapacity": { "type": "number" - }, - "ShareDistribution": { - "items": { - "$ref": "#/definitions/AWS::Batch::SchedulingPolicy.ShareAttributes" - }, - "markdownDescription": "An array of `SharedIdentifier` objects that contain the weights for the share identifiers for the fair-share policy. Share identifiers that aren't included have a default weight of `1.0` .", - "title": "ShareDistribution", - "type": "array" } }, + "required": [ + "CapacityUnit", + "MaxCapacity" + ], "type": "object" }, - "AWS::Batch::SchedulingPolicy.ShareAttributes": { + "AWS::Batch::QuotaShare.QuotaSharePreemptionConfiguration": { "additionalProperties": false, "properties": { - "ShareIdentifier": { - "markdownDescription": "A share identifier or share identifier prefix. If the string ends with an asterisk (*), this entry specifies the weight factor to use for share identifiers that start with that prefix. The list of share identifiers in a fair-share policy can't overlap. For example, you can't have one that specifies a `shareIdentifier` of `UserA*` and another that specifies a `shareIdentifier` of `UserA1` .\n\nThere can be no more than 500 share identifiers active in a job queue.\n\nThe string is limited to 255 alphanumeric characters, and can be followed by an asterisk (*).", - "title": "ShareIdentifier", + "InSharePreemption": { "type": "string" - }, - "WeightFactor": { - "markdownDescription": "The weight factor for the share identifier. The default value is 1.0. A lower value has a higher priority for compute resources. For example, jobs that use a share identifier with a weight factor of 0.125 (1/8) get 8 times the compute resources of jobs that use a share identifier with a weight factor of 1.\n\nThe smallest supported value is 0.0001, and the largest supported value is 999.9999.", - "title": "WeightFactor", + } + }, + "required": [ + "InSharePreemption" + ], + "type": "object" + }, + "AWS::Batch::QuotaShare.QuotaShareResourceSharingConfiguration": { + "additionalProperties": false, + "properties": { + "BorrowLimit": { "type": "number" + }, + "Strategy": { + "type": "string" } }, + "required": [ + "Strategy" + ], "type": "object" }, - "AWS::Batch::ServiceEnvironment": { + "AWS::Batch::SchedulingPolicy": { "additionalProperties": false, "properties": { "Condition": { @@ -35453,32 +35593,22 @@ "Properties": { "additionalProperties": false, "properties": { - "CapacityLimits": { - "items": { - "$ref": "#/definitions/AWS::Batch::ServiceEnvironment.CapacityLimit" - }, - "markdownDescription": "The capacity limits for the service environment. This defines the maximum resources that can be used by service jobs in this environment.", - "title": "CapacityLimits", - "type": "array" - }, - "ServiceEnvironmentName": { - "markdownDescription": "The name of the service environment.", - "title": "ServiceEnvironmentName", - "type": "string" + "FairsharePolicy": { + "$ref": "#/definitions/AWS::Batch::SchedulingPolicy.FairsharePolicy", + "markdownDescription": "The fair-share scheduling policy details.", + "title": "FairsharePolicy" }, - "ServiceEnvironmentType": { - "markdownDescription": "The type of service environment. For SageMaker Training jobs, this value is `SAGEMAKER_TRAINING` .", - "title": "ServiceEnvironmentType", + "Name": { + "markdownDescription": "The name of the fair-share scheduling policy. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).", + "title": "Name", "type": "string" }, - "State": { - "markdownDescription": "The state of the service environment. Valid values are `ENABLED` and `DISABLED` .", - "title": "State", - "type": "string" + "QuotaSharePolicy": { + "$ref": "#/definitions/AWS::Batch::SchedulingPolicy.QuotaSharePolicy" }, "Tags": { "additionalProperties": true, - "markdownDescription": "The tags associated with the service environment. Each tag consists of a key and an optional value. For more information, see [Tagging your AWS Batch resources](https://docs.aws.amazon.com/batch/latest/userguide/using-tags.html) .", + "markdownDescription": "The tags that you apply to the scheduling policy to help you categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in *AWS General Reference* .\n\nThese tags can be updated or removed using the [TagResource](https://docs.aws.amazon.com/batch/latest/APIReference/API_TagResource.html) and [UntagResource](https://docs.aws.amazon.com/batch/latest/APIReference/API_UntagResource.html) API operations.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -35488,15 +35618,11 @@ "type": "object" } }, - "required": [ - "CapacityLimits", - "ServiceEnvironmentType" - ], "type": "object" }, "Type": { "enum": [ - "AWS::Batch::ServiceEnvironment" + "AWS::Batch::SchedulingPolicy" ], "type": "string" }, @@ -35510,28 +35636,261 @@ } }, "required": [ - "Type", - "Properties" + "Type" ], "type": "object" }, - "AWS::Batch::ServiceEnvironment.CapacityLimit": { + "AWS::Batch::SchedulingPolicy.FairsharePolicy": { "additionalProperties": false, "properties": { - "CapacityUnit": { - "markdownDescription": "The unit of measure for the capacity limit. This defines how the maxCapacity value should be interpreted. For `SAGEMAKER_TRAINING` jobs, use `NUM_INSTANCES` .", - "title": "CapacityUnit", + "ComputeReservation": { + "markdownDescription": "A value used to reserve some of the available maximum vCPU for share identifiers that aren't already used.\n\nThe reserved ratio is `( *computeReservation* /100)^ *ActiveFairShares*` where `*ActiveFairShares*` is the number of active share identifiers.\n\nFor example, a `computeReservation` value of 50 indicates that AWS Batch reserves 50% of the maximum available vCPU if there's only one share identifier. It reserves 25% if there are two share identifiers. It reserves 12.5% if there are three share identifiers. A `computeReservation` value of 25 indicates that AWS Batch should reserve 25% of the maximum available vCPU if there's only one share identifier, 6.25% if there are two fair share identifiers, and 1.56% if there are three share identifiers.\n\nThe minimum value is 0 and the maximum value is 99.", + "title": "ComputeReservation", + "type": "number" + }, + "ShareDecaySeconds": { + "markdownDescription": "The amount of time (in seconds) to use to calculate a fair-share percentage for each share identifier in use. A value of zero (0) indicates the default minimum time window (600 seconds). The maximum supported value is 604800 (1 week).\n\nThe decay allows for more recently run jobs to have more weight than jobs that ran earlier. Consider adjusting this number if you have jobs that (on average) run longer than ten minutes, or a large difference in job count or job run times between share identifiers, and the allocation of resources doesn't meet your needs.", + "title": "ShareDecaySeconds", + "type": "number" + }, + "ShareDistribution": { + "items": { + "$ref": "#/definitions/AWS::Batch::SchedulingPolicy.ShareAttributes" + }, + "markdownDescription": "An array of `SharedIdentifier` objects that contain the weights for the share identifiers for the fair-share policy. Share identifiers that aren't included have a default weight of `1.0` .", + "title": "ShareDistribution", + "type": "array" + } + }, + "type": "object" + }, + "AWS::Batch::SchedulingPolicy.QuotaSharePolicy": { + "additionalProperties": false, + "properties": { + "IdleResourceAssignmentStrategy": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Batch::SchedulingPolicy.ShareAttributes": { + "additionalProperties": false, + "properties": { + "ShareIdentifier": { + "markdownDescription": "A share identifier or share identifier prefix. If the string ends with an asterisk (*), this entry specifies the weight factor to use for share identifiers that start with that prefix. The list of share identifiers in a fair-share policy can't overlap. For example, you can't have one that specifies a `shareIdentifier` of `UserA*` and another that specifies a `shareIdentifier` of `UserA1` .\n\nThere can be no more than 500 share identifiers active in a job queue.\n\nThe string is limited to 255 alphanumeric characters, and can be followed by an asterisk (*).", + "title": "ShareIdentifier", "type": "string" }, - "MaxCapacity": { - "markdownDescription": "The maximum capacity available for the service environment. This value represents the maximum amount resources that can be allocated to service jobs.\n\nFor example, `maxCapacity=50` , `capacityUnit=NUM_INSTANCES` . This indicates that the maximum number of instances that can be run on this service environment is 50. You could then run 5 SageMaker Training jobs that each use 10 instances. However, if you submit another job that requires 10 instances, it will wait in the queue.", - "title": "MaxCapacity", + "WeightFactor": { + "markdownDescription": "The weight factor for the share identifier. The default value is 1.0. A lower value has a higher priority for compute resources. For example, jobs that use a share identifier with a weight factor of 0.125 (1/8) get 8 times the compute resources of jobs that use a share identifier with a weight factor of 1.\n\nThe smallest supported value is 0.0001, and the largest supported value is 999.9999.", + "title": "WeightFactor", "type": "number" } }, "type": "object" }, - "AWS::Bedrock::Agent": { + "AWS::Batch::ServiceEnvironment": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "CapacityLimits": { + "items": { + "$ref": "#/definitions/AWS::Batch::ServiceEnvironment.CapacityLimit" + }, + "markdownDescription": "The capacity limits for the service environment. This defines the maximum resources that can be used by service jobs in this environment.", + "title": "CapacityLimits", + "type": "array" + }, + "ServiceEnvironmentName": { + "markdownDescription": "The name of the service environment.", + "title": "ServiceEnvironmentName", + "type": "string" + }, + "ServiceEnvironmentType": { + "markdownDescription": "The type of service environment. For SageMaker Training jobs, this value is `SAGEMAKER_TRAINING` .", + "title": "ServiceEnvironmentType", + "type": "string" + }, + "State": { + "markdownDescription": "The state of the service environment. Valid values are `ENABLED` and `DISABLED` .", + "title": "State", + "type": "string" + }, + "Tags": { + "additionalProperties": true, + "markdownDescription": "The tags associated with the service environment. Each tag consists of a key and an optional value. For more information, see [Tagging your AWS Batch resources](https://docs.aws.amazon.com/batch/latest/userguide/using-tags.html) .", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "title": "Tags", + "type": "object" + } + }, + "required": [ + "CapacityLimits", + "ServiceEnvironmentType" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Batch::ServiceEnvironment" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Batch::ServiceEnvironment.CapacityLimit": { + "additionalProperties": false, + "properties": { + "CapacityUnit": { + "markdownDescription": "The unit of measure for the capacity limit. This defines how the maxCapacity value should be interpreted. For `SAGEMAKER_TRAINING` jobs, use `NUM_INSTANCES` .", + "title": "CapacityUnit", + "type": "string" + }, + "MaxCapacity": { + "markdownDescription": "The maximum capacity available for the service environment. This value represents the maximum amount resources that can be allocated to service jobs.\n\nFor example, `maxCapacity=50` , `capacityUnit=NUM_INSTANCES` . This indicates that the maximum number of instances that can be run on this service environment is 50. You could then run 5 SageMaker Training jobs that each use 10 instances. However, if you submit another job that requires 10 instances, it will wait in the queue.", + "title": "MaxCapacity", + "type": "number" + } + }, + "type": "object" + }, + "AWS::BcmPricingCalculator::BillScenario": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "CostCategoryGroupSharingPreferenceArn": { + "type": "string" + }, + "ExpiresAt": { + "type": "string" + }, + "GroupSharingPreference": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BcmPricingCalculator::BillScenario" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::BcmPricingCalculator::BillScenario.BillInterval": { + "additionalProperties": false, + "properties": { + "End": { + "type": "string" + }, + "Start": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Bedrock::Agent": { "additionalProperties": false, "properties": { "Condition": { @@ -36788,6 +37147,119 @@ ], "type": "object" }, + "AWS::Bedrock::DataAutomationLibrary": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "EncryptionConfiguration": { + "$ref": "#/definitions/AWS::Bedrock::DataAutomationLibrary.EncryptionConfiguration" + }, + "LibraryDescription": { + "type": "string" + }, + "LibraryName": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "LibraryName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Bedrock::DataAutomationLibrary" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Bedrock::DataAutomationLibrary.EncryptionConfiguration": { + "additionalProperties": false, + "properties": { + "KmsEncryptionContext": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "KmsKeyId": { + "type": "string" + } + }, + "required": [ + "KmsKeyId" + ], + "type": "object" + }, + "AWS::Bedrock::DataAutomationLibrary.EntityTypeInfo": { + "additionalProperties": false, + "properties": { + "EntityMetadata": { + "type": "string" + }, + "EntityType": { + "type": "string" + } + }, + "required": [ + "EntityType" + ], + "type": "object" + }, "AWS::Bedrock::DataAutomationProject": { "additionalProperties": false, "properties": { @@ -38562,6 +39034,115 @@ ], "type": "object" }, + "AWS::Bedrock::EnforcedGuardrailConfiguration": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "GuardrailIdentifier": { + "type": "string" + }, + "GuardrailVersion": { + "type": "string" + }, + "ModelEnforcement": { + "$ref": "#/definitions/AWS::Bedrock::EnforcedGuardrailConfiguration.ModelEnforcement" + }, + "SelectiveContentGuarding": { + "$ref": "#/definitions/AWS::Bedrock::EnforcedGuardrailConfiguration.SelectiveContentGuarding" + } + }, + "required": [ + "GuardrailIdentifier", + "GuardrailVersion" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Bedrock::EnforcedGuardrailConfiguration" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Bedrock::EnforcedGuardrailConfiguration.ModelEnforcement": { + "additionalProperties": false, + "properties": { + "ExcludedModels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IncludedModels": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "ExcludedModels", + "IncludedModels" + ], + "type": "object" + }, + "AWS::Bedrock::EnforcedGuardrailConfiguration.SelectiveContentGuarding": { + "additionalProperties": false, + "properties": { + "Messages": { + "type": "string" + }, + "System": { + "type": "string" + } + }, + "type": "object" + }, "AWS::Bedrock::Flow": { "additionalProperties": false, "properties": { @@ -43658,7 +44239,7 @@ ], "type": "object" }, - "AWS::BedrockAgentCore::BrowserCustom": { + "AWS::Bedrock::ResourcePolicy": { "additionalProperties": false, "properties": { "Condition": { @@ -43693,57 +44274,22 @@ "Properties": { "additionalProperties": false, "properties": { - "BrowserSigning": { - "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.BrowserSigning", - "markdownDescription": "", - "title": "BrowserSigning" - }, - "Description": { - "markdownDescription": "The custom browser.", - "title": "Description", - "type": "string" - }, - "ExecutionRoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the execution role.", - "title": "ExecutionRoleArn", - "type": "string" + "PolicyDocument": { + "type": "object" }, - "Name": { - "markdownDescription": "The name of the custom browser.", - "title": "Name", + "ResourceArn": { "type": "string" - }, - "NetworkConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.BrowserNetworkConfiguration", - "markdownDescription": "The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.", - "title": "NetworkConfiguration" - }, - "RecordingConfig": { - "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.RecordingConfig", - "markdownDescription": "THe custom browser configuration.", - "title": "RecordingConfig" - }, - "Tags": { - "additionalProperties": true, - "markdownDescription": "The tags for the custom browser.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "type": "string" - } - }, - "title": "Tags", - "type": "object" } }, "required": [ - "Name", - "NetworkConfiguration" + "PolicyDocument", + "ResourceArn" ], "type": "object" }, "Type": { "enum": [ - "AWS::BedrockAgentCore::BrowserCustom" + "AWS::Bedrock::ResourcePolicy" ], "type": "string" }, @@ -43762,99 +44308,366 @@ ], "type": "object" }, - "AWS::BedrockAgentCore::BrowserCustom.BrowserNetworkConfiguration": { + "AWS::BedrockAgentCore::ApiKeyCredentialProvider": { "additionalProperties": false, "properties": { - "NetworkMode": { - "markdownDescription": "The network mode.", - "title": "NetworkMode", + "Condition": { "type": "string" }, - "VpcConfig": { - "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.VpcConfig", - "markdownDescription": "", - "title": "VpcConfig" - } - }, - "required": [ - "NetworkMode" - ], - "type": "object" - }, - "AWS::BedrockAgentCore::BrowserCustom.BrowserSigning": { - "additionalProperties": false, - "properties": { - "Enabled": { - "markdownDescription": "", - "title": "Enabled", - "type": "boolean" - } - }, - "type": "object" - }, - "AWS::BedrockAgentCore::BrowserCustom.RecordingConfig": { - "additionalProperties": false, - "properties": { - "Enabled": { - "markdownDescription": "The recording configuration for a browser. This structure defines how browser sessions are recorded.", - "title": "Enabled", - "type": "boolean" + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" }, - "S3Location": { - "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.S3Location", - "markdownDescription": "The S3 location.", - "title": "S3Location" - } - }, - "type": "object" - }, - "AWS::BedrockAgentCore::BrowserCustom.S3Location": { - "additionalProperties": false, - "properties": { - "Bucket": { - "markdownDescription": "The S3 location bucket name.", - "title": "Bucket", + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ApiKey": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::ApiKeyCredentialProvider" + ], "type": "string" }, - "Prefix": { - "markdownDescription": "The S3 location object prefix.", - "title": "Prefix", + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], "type": "string" } }, "required": [ - "Bucket", - "Prefix" + "Type", + "Properties" ], "type": "object" }, - "AWS::BedrockAgentCore::BrowserCustom.VpcConfig": { + "AWS::BedrockAgentCore::ApiKeyCredentialProvider.ApiKeySecretArn": { "additionalProperties": false, "properties": { - "SecurityGroups": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "SecurityGroups", - "type": "array" - }, - "Subnets": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "Subnets", - "type": "array" + "SecretArn": { + "type": "string" } }, "required": [ - "SecurityGroups", - "Subnets" + "SecretArn" ], "type": "object" }, - "AWS::BedrockAgentCore::CodeInterpreterCustom": { + "AWS::BedrockAgentCore::BrowserCustom": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "BrowserSigning": { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.BrowserSigning", + "markdownDescription": "", + "title": "BrowserSigning" + }, + "Description": { + "markdownDescription": "The custom browser.", + "title": "Description", + "type": "string" + }, + "ExecutionRoleArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the execution role.", + "title": "ExecutionRoleArn", + "type": "string" + }, + "Name": { + "markdownDescription": "The name of the custom browser.", + "title": "Name", + "type": "string" + }, + "NetworkConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.BrowserNetworkConfiguration", + "markdownDescription": "The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.", + "title": "NetworkConfiguration" + }, + "RecordingConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.RecordingConfig", + "markdownDescription": "THe custom browser configuration.", + "title": "RecordingConfig" + }, + "Tags": { + "additionalProperties": true, + "markdownDescription": "The tags for the custom browser.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "title": "Tags", + "type": "object" + } + }, + "required": [ + "Name", + "NetworkConfiguration" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::BrowserCustom" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserCustom.BrowserNetworkConfiguration": { + "additionalProperties": false, + "properties": { + "NetworkMode": { + "markdownDescription": "The network mode.", + "title": "NetworkMode", + "type": "string" + }, + "VpcConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.VpcConfig", + "markdownDescription": "", + "title": "VpcConfig" + } + }, + "required": [ + "NetworkMode" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserCustom.BrowserSigning": { + "additionalProperties": false, + "properties": { + "Enabled": { + "markdownDescription": "", + "title": "Enabled", + "type": "boolean" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserCustom.RecordingConfig": { + "additionalProperties": false, + "properties": { + "Enabled": { + "markdownDescription": "The recording configuration for a browser. This structure defines how browser sessions are recorded.", + "title": "Enabled", + "type": "boolean" + }, + "S3Location": { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.S3Location", + "markdownDescription": "The S3 location.", + "title": "S3Location" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserCustom.S3Location": { + "additionalProperties": false, + "properties": { + "Bucket": { + "markdownDescription": "The S3 location bucket name.", + "title": "Bucket", + "type": "string" + }, + "Prefix": { + "markdownDescription": "The S3 location object prefix.", + "title": "Prefix", + "type": "string" + } + }, + "required": [ + "Bucket", + "Prefix" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserCustom.VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroups": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "SecurityGroups", + "type": "array" + }, + "Subnets": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "Subnets", + "type": "array" + } + }, + "required": [ + "SecurityGroups", + "Subnets" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserProfile": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::BrowserProfile" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::CodeInterpreterCustom": { "additionalProperties": false, "properties": { "Condition": { @@ -43993,6 +44806,246 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::Evaluator": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "EvaluatorConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.EvaluatorConfig" + }, + "EvaluatorName": { + "type": "string" + }, + "Level": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "EvaluatorConfig", + "EvaluatorName", + "Level" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::Evaluator" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.BedrockEvaluatorModelConfig": { + "additionalProperties": false, + "properties": { + "AdditionalModelRequestFields": { + "type": "object" + }, + "InferenceConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.InferenceConfiguration" + }, + "ModelId": { + "type": "string" + } + }, + "required": [ + "ModelId" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.CategoricalScaleDefinition": { + "additionalProperties": false, + "properties": { + "Definition": { + "type": "string" + }, + "Label": { + "type": "string" + } + }, + "required": [ + "Definition", + "Label" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.CodeBasedEvaluatorConfig": { + "additionalProperties": false, + "properties": { + "LambdaConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.LambdaEvaluatorConfig" + } + }, + "required": [ + "LambdaConfig" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.EvaluatorConfig": { + "additionalProperties": false, + "properties": { + "CodeBased": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.CodeBasedEvaluatorConfig" + }, + "LlmAsAJudge": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.LlmAsAJudgeEvaluatorConfig" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.EvaluatorModelConfig": { + "additionalProperties": false, + "properties": { + "BedrockEvaluatorModelConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.BedrockEvaluatorModelConfig" + } + }, + "required": [ + "BedrockEvaluatorModelConfig" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.InferenceConfiguration": { + "additionalProperties": false, + "properties": { + "MaxTokens": { + "type": "number" + }, + "Temperature": { + "type": "number" + }, + "TopP": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.LambdaEvaluatorConfig": { + "additionalProperties": false, + "properties": { + "LambdaArn": { + "type": "string" + }, + "LambdaTimeoutInSeconds": { + "type": "number" + } + }, + "required": [ + "LambdaArn" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.LlmAsAJudgeEvaluatorConfig": { + "additionalProperties": false, + "properties": { + "Instructions": { + "type": "string" + }, + "ModelConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.EvaluatorModelConfig" + }, + "RatingScale": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.RatingScale" + } + }, + "required": [ + "Instructions", + "ModelConfig", + "RatingScale" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.NumericalScaleDefinition": { + "additionalProperties": false, + "properties": { + "Definition": { + "type": "string" + }, + "Label": { + "type": "string" + }, + "Value": { + "type": "number" + } + }, + "required": [ + "Definition", + "Label", + "Value" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.RatingScale": { + "additionalProperties": false, + "properties": { + "Categorical": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.CategoricalScaleDefinition" + }, + "type": "array" + }, + "Numerical": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.NumericalScaleDefinition" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::BedrockAgentCore::Gateway": { "additionalProperties": false, "properties": { @@ -44066,6 +45119,9 @@ "title": "Name", "type": "string" }, + "PolicyEngineConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Gateway.GatewayPolicyEngineConfiguration" + }, "ProtocolConfiguration": { "$ref": "#/definitions/AWS::BedrockAgentCore::Gateway.GatewayProtocolConfiguration", "markdownDescription": "The protocol configuration for the gateway target.", @@ -44275,6 +45331,22 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::Gateway.GatewayPolicyEngineConfiguration": { + "additionalProperties": false, + "properties": { + "Arn": { + "type": "string" + }, + "Mode": { + "type": "string" + } + }, + "required": [ + "Arn", + "Mode" + ], + "type": "object" + }, "AWS::BedrockAgentCore::Gateway.GatewayProtocolConfiguration": { "additionalProperties": false, "properties": { @@ -44601,6 +45673,9 @@ "markdownDescription": "The API key credential provider.", "title": "ApiKeyCredentialProvider" }, + "IamCredentialProvider": { + "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.IamCredentialProvider" + }, "OauthCredentialProvider": { "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.OAuthCredentialProvider", "markdownDescription": "The OAuth credential provider for the gateway target.", @@ -44628,6 +45703,21 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::GatewayTarget.IamCredentialProvider": { + "additionalProperties": false, + "properties": { + "Region": { + "type": "string" + }, + "Service": { + "type": "string" + } + }, + "required": [ + "Service" + ], + "type": "object" + }, "AWS::BedrockAgentCore::GatewayTarget.McpLambdaTargetConfiguration": { "additionalProperties": false, "properties": { @@ -44956,6 +46046,9 @@ "title": "Name", "type": "string" }, + "StreamDeliveryResources": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Memory.StreamDeliveryResources" + }, "Tags": { "additionalProperties": true, "markdownDescription": "The tags for the resources.", @@ -44995,6 +46088,21 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::Memory.ContentConfiguration": { + "additionalProperties": false, + "properties": { + "Level": { + "type": "string" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, "AWS::BedrockAgentCore::Memory.CustomConfigurationInput": { "additionalProperties": false, "properties": { @@ -45049,6 +46157,12 @@ "title": "Name", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45101,6 +46215,12 @@ "title": "Name", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45214,6 +46334,12 @@ "title": "ModelId", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45232,6 +46358,12 @@ "AWS::BedrockAgentCore::Memory.EpisodicReflectionConfigurationInput": { "additionalProperties": false, "properties": { + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45241,9 +46373,6 @@ "type": "array" } }, - "required": [ - "Namespaces" - ], "type": "object" }, "AWS::BedrockAgentCore::Memory.InvocationConfigurationInput": { @@ -45262,6 +46391,25 @@ }, "type": "object" }, + "AWS::BedrockAgentCore::Memory.KinesisResource": { + "additionalProperties": false, + "properties": { + "ContentConfigurations": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Memory.ContentConfiguration" + }, + "type": "array" + }, + "DataStreamArn": { + "type": "string" + } + }, + "required": [ + "ContentConfigurations", + "DataStreamArn" + ], + "type": "object" + }, "AWS::BedrockAgentCore::Memory.MemoryStrategy": { "additionalProperties": false, "properties": { @@ -45346,6 +46494,12 @@ "title": "Name", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45436,6 +46590,30 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::Memory.StreamDeliveryResource": { + "additionalProperties": false, + "properties": { + "Kinesis": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Memory.KinesisResource" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Memory.StreamDeliveryResources": { + "additionalProperties": false, + "properties": { + "Resources": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Memory.StreamDeliveryResource" + }, + "type": "array" + } + }, + "required": [ + "Resources" + ], + "type": "object" + }, "AWS::BedrockAgentCore::Memory.SummaryMemoryStrategy": { "additionalProperties": false, "properties": { @@ -45454,6 +46632,12 @@ "title": "Name", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45580,6 +46764,12 @@ "title": "Name", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45670,7 +46860,7 @@ ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider": { "additionalProperties": false, "properties": { "Condition": { @@ -45705,85 +46895,31 @@ "Properties": { "additionalProperties": false, "properties": { - "AgentRuntimeArtifact": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AgentRuntimeArtifact", - "markdownDescription": "The artifact of the agent.", - "title": "AgentRuntimeArtifact" - }, - "AgentRuntimeName": { - "markdownDescription": "The name of the AgentCore Runtime endpoint.", - "title": "AgentRuntimeName", - "type": "string" - }, - "AuthorizerConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AuthorizerConfiguration", - "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", - "title": "AuthorizerConfiguration" - }, - "Description": { - "markdownDescription": "The agent runtime description.", - "title": "Description", + "CredentialProviderVendor": { "type": "string" }, - "EnvironmentVariables": { - "additionalProperties": true, - "markdownDescription": "The environment variables for the agent.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "type": "string" - } - }, - "title": "EnvironmentVariables", - "type": "object" - }, - "LifecycleConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.LifecycleConfiguration", - "markdownDescription": "", - "title": "LifecycleConfiguration" - }, - "NetworkConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.NetworkConfiguration", - "markdownDescription": "The network configuration.", - "title": "NetworkConfiguration" - }, - "ProtocolConfiguration": { - "markdownDescription": "The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.", - "title": "ProtocolConfiguration", + "Name": { "type": "string" }, - "RequestHeaderConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.RequestHeaderConfiguration", - "markdownDescription": "", - "title": "RequestHeaderConfiguration" - }, - "RoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) for for the role.", - "title": "RoleArn", - "type": "string" + "Oauth2ProviderConfigInput": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2ProviderConfigInput" }, "Tags": { - "additionalProperties": true, - "markdownDescription": "The tags for the agent.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "type": "string" - } + "items": { + "$ref": "#/definitions/Tag" }, - "title": "Tags", - "type": "object" + "type": "array" } }, "required": [ - "AgentRuntimeArtifact", - "AgentRuntimeName", - "NetworkConfiguration", - "RoleArn" + "CredentialProviderVendor", + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::BedrockAgentCore::Runtime" + "AWS::BedrockAgentCore::OAuth2CredentialProvider" ], "type": "string" }, @@ -45802,295 +46938,1129 @@ ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.AgentRuntimeArtifact": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.AtlassianOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "CodeConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CodeConfiguration", - "markdownDescription": "", - "title": "CodeConfiguration" + "ClientId": { + "type": "string" }, - "ContainerConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.ContainerConfiguration", - "markdownDescription": "Representation of a container configuration.", - "title": "ContainerConfiguration" + "ClientSecret": { + "type": "string" } }, + "required": [ + "ClientId", + "ClientSecret" + ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.AuthorizerConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.ClientSecretArn": { "additionalProperties": false, "properties": { - "CustomJWTAuthorizer": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CustomJWTAuthorizerConfiguration", - "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", - "title": "CustomJWTAuthorizer" + "SecretArn": { + "type": "string" } }, + "required": [ + "SecretArn" + ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.AuthorizingClaimMatchValueType": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.CustomOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "ClaimMatchOperator": { + "ClientId": { "type": "string" }, - "ClaimMatchValue": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.ClaimMatchValueType" + "ClientSecret": { + "type": "string" + }, + "OauthDiscovery": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2Discovery" } }, "required": [ - "ClaimMatchOperator", - "ClaimMatchValue" + "ClientId", + "ClientSecret", + "OauthDiscovery" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.ClaimMatchValueType": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.GithubOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "MatchValueString": { + "ClientId": { "type": "string" }, - "MatchValueStringList": { - "items": { - "type": "string" - }, - "type": "array" + "ClientSecret": { + "type": "string" } }, + "required": [ + "ClientId", + "ClientSecret" + ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.Code": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.GoogleOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "S3": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.S3Location", - "markdownDescription": "", - "title": "S3" + "ClientId": { + "type": "string" + }, + "ClientSecret": { + "type": "string" } }, + "required": [ + "ClientId", + "ClientSecret" + ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.CodeConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.IncludedOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "Code": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.Code", - "markdownDescription": "", - "title": "Code" + "AuthorizationEndpoint": { + "type": "string" }, - "EntryPoint": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "EntryPoint", - "type": "array" + "ClientId": { + "type": "string" }, - "Runtime": { - "markdownDescription": "", - "title": "Runtime", + "ClientSecret": { + "type": "string" + }, + "Issuer": { + "type": "string" + }, + "TokenEndpoint": { "type": "string" } }, "required": [ - "Code", - "EntryPoint", - "Runtime" + "ClientId", + "ClientSecret" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.ContainerConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.LinkedinOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "ContainerUri": { - "markdownDescription": "The container Uri.", - "title": "ContainerUri", + "ClientId": { + "type": "string" + }, + "ClientSecret": { "type": "string" } }, "required": [ - "ContainerUri" + "ClientId", + "ClientSecret" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.CustomClaimValidationType": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.MicrosoftOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "AuthorizingClaimMatchValue": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AuthorizingClaimMatchValueType" + "ClientId": { + "type": "string" }, - "InboundTokenClaimName": { + "ClientSecret": { "type": "string" }, - "InboundTokenClaimValueType": { + "TenantId": { "type": "string" } }, "required": [ - "AuthorizingClaimMatchValue", - "InboundTokenClaimName", - "InboundTokenClaimValueType" + "ClientId", + "ClientSecret" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.CustomJWTAuthorizerConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2AuthorizationServerMetadata": { "additionalProperties": false, "properties": { - "AllowedAudience": { - "items": { - "type": "string" - }, - "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", - "title": "AllowedAudience", - "type": "array" + "AuthorizationEndpoint": { + "type": "string" }, - "AllowedClients": { - "items": { - "type": "string" - }, - "markdownDescription": "Represents individual client IDs that are validated in the incoming JWT token validation process.", - "title": "AllowedClients", - "type": "array" + "Issuer": { + "type": "string" }, - "AllowedScopes": { + "ResponseTypes": { "items": { "type": "string" }, "type": "array" }, - "CustomClaims": { - "items": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CustomClaimValidationType" - }, - "type": "array" - }, - "DiscoveryUrl": { - "markdownDescription": "The configuration authorization.", - "title": "DiscoveryUrl", + "TokenEndpoint": { "type": "string" } }, "required": [ - "DiscoveryUrl" + "AuthorizationEndpoint", + "Issuer", + "TokenEndpoint" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.LifecycleConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2Discovery": { "additionalProperties": false, "properties": { - "IdleRuntimeSessionTimeout": { - "markdownDescription": "", - "title": "IdleRuntimeSessionTimeout", - "type": "number" + "AuthorizationServerMetadata": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2AuthorizationServerMetadata" }, - "MaxLifetime": { - "markdownDescription": "", - "title": "MaxLifetime", - "type": "number" + "DiscoveryUrl": { + "type": "string" } }, "type": "object" }, - "AWS::BedrockAgentCore::Runtime.NetworkConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "NetworkMode": { - "markdownDescription": "The network mode.", - "title": "NetworkMode", - "type": "string" + "AtlassianOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.AtlassianOauth2ProviderConfigInput" }, - "NetworkModeConfig": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.VpcConfig", - "markdownDescription": "", - "title": "NetworkModeConfig" + "CustomOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.CustomOauth2ProviderConfigInput" + }, + "GithubOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.GithubOauth2ProviderConfigInput" + }, + "GoogleOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.GoogleOauth2ProviderConfigInput" + }, + "IncludedOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.IncludedOauth2ProviderConfigInput" + }, + "LinkedinOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.LinkedinOauth2ProviderConfigInput" + }, + "MicrosoftOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.MicrosoftOauth2ProviderConfigInput" + }, + "SalesforceOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.SalesforceOauth2ProviderConfigInput" + }, + "SlackOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.SlackOauth2ProviderConfigInput" } }, - "required": [ - "NetworkMode" - ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.RequestHeaderConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2ProviderConfigOutput": { "additionalProperties": false, "properties": { - "RequestHeaderAllowlist": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "RequestHeaderAllowlist", - "type": "array" + "ClientId": { + "type": "string" + }, + "OauthDiscovery": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2Discovery" } }, "type": "object" }, - "AWS::BedrockAgentCore::Runtime.S3Location": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.SalesforceOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "Bucket": { - "markdownDescription": "", - "title": "Bucket", - "type": "string" - }, - "Prefix": { - "markdownDescription": "", - "title": "Prefix", + "ClientId": { "type": "string" }, - "VersionId": { - "markdownDescription": "", - "title": "VersionId", + "ClientSecret": { "type": "string" } }, "required": [ - "Bucket", - "Prefix" + "ClientId", + "ClientSecret" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.VpcConfig": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.SlackOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "SecurityGroups": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "SecurityGroups", - "type": "array" + "ClientId": { + "type": "string" }, - "Subnets": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "Subnets", - "type": "array" - } - }, - "required": [ - "SecurityGroups", - "Subnets" - ], - "type": "object" - }, - "AWS::BedrockAgentCore::Runtime.WorkloadIdentityDetails": { - "additionalProperties": false, - "properties": { - "WorkloadIdentityArn": { - "markdownDescription": "The Amazon Resource Name (ARN) for the workload identity.", - "title": "WorkloadIdentityArn", + "ClientSecret": { "type": "string" } }, "required": [ - "WorkloadIdentityArn" + "ClientId", + "ClientSecret" ], "type": "object" }, - "AWS::BedrockAgentCore::RuntimeEndpoint": { + "AWS::BedrockAgentCore::OnlineEvaluationConfig": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DataSourceConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.DataSourceConfig" + }, + "Description": { + "type": "string" + }, + "EvaluationExecutionRoleArn": { + "type": "string" + }, + "Evaluators": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.EvaluatorReference" + }, + "type": "array" + }, + "ExecutionStatus": { + "type": "string" + }, + "OnlineEvaluationConfigName": { + "type": "string" + }, + "Rule": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.Rule" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "DataSourceConfig", + "EvaluationExecutionRoleArn", + "Evaluators", + "OnlineEvaluationConfigName", + "Rule" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::OnlineEvaluationConfig" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.CloudWatchLogsInputConfig": { + "additionalProperties": false, + "properties": { + "LogGroupNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ServiceNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "LogGroupNames", + "ServiceNames" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.CloudWatchOutputConfig": { + "additionalProperties": false, + "properties": { + "LogGroupName": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.DataSourceConfig": { + "additionalProperties": false, + "properties": { + "CloudWatchLogs": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.CloudWatchLogsInputConfig" + } + }, + "required": [ + "CloudWatchLogs" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.EvaluatorReference": { + "additionalProperties": false, + "properties": { + "EvaluatorId": { + "type": "string" + } + }, + "required": [ + "EvaluatorId" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.Filter": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Operator": { + "type": "string" + }, + "Value": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.FilterValue" + } + }, + "required": [ + "Key", + "Operator", + "Value" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.FilterValue": { + "additionalProperties": false, + "properties": { + "BooleanValue": { + "type": "boolean" + }, + "DoubleValue": { + "type": "number" + }, + "StringValue": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.OutputConfig": { + "additionalProperties": false, + "properties": { + "CloudWatchConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.CloudWatchOutputConfig" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.Rule": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.Filter" + }, + "type": "array" + }, + "SamplingConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.SamplingConfig" + }, + "SessionConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.SessionConfig" + } + }, + "required": [ + "SamplingConfig" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.SamplingConfig": { + "additionalProperties": false, + "properties": { + "SamplingPercentage": { + "type": "number" + } + }, + "required": [ + "SamplingPercentage" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.SessionConfig": { + "additionalProperties": false, + "properties": { + "SessionTimeoutMinutes": { + "type": "number" + } + }, + "required": [ + "SessionTimeoutMinutes" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Policy": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Definition": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Policy.PolicyDefinition" + }, + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "PolicyEngineId": { + "type": "string" + }, + "ValidationMode": { + "type": "string" + } + }, + "required": [ + "Definition", + "Name", + "PolicyEngineId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::Policy" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Policy.CedarPolicy": { + "additionalProperties": false, + "properties": { + "Statement": { + "type": "string" + } + }, + "required": [ + "Statement" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Policy.PolicyDefinition": { + "additionalProperties": false, + "properties": { + "Cedar": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Policy.CedarPolicy" + } + }, + "required": [ + "Cedar" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::PolicyEngine": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "EncryptionKeyArn": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::PolicyEngine" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AgentRuntimeArtifact": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AgentRuntimeArtifact", + "markdownDescription": "The artifact of the agent.", + "title": "AgentRuntimeArtifact" + }, + "AgentRuntimeName": { + "markdownDescription": "The name of the AgentCore Runtime endpoint.", + "title": "AgentRuntimeName", + "type": "string" + }, + "AuthorizerConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AuthorizerConfiguration", + "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", + "title": "AuthorizerConfiguration" + }, + "Description": { + "markdownDescription": "The agent runtime description.", + "title": "Description", + "type": "string" + }, + "EnvironmentVariables": { + "additionalProperties": true, + "markdownDescription": "The environment variables for the agent.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "title": "EnvironmentVariables", + "type": "object" + }, + "FilesystemConfigurations": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.FilesystemConfiguration" + }, + "type": "array" + }, + "LifecycleConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.LifecycleConfiguration", + "markdownDescription": "", + "title": "LifecycleConfiguration" + }, + "NetworkConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.NetworkConfiguration", + "markdownDescription": "The network configuration.", + "title": "NetworkConfiguration" + }, + "ProtocolConfiguration": { + "markdownDescription": "The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.", + "title": "ProtocolConfiguration", + "type": "string" + }, + "RequestHeaderConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.RequestHeaderConfiguration", + "markdownDescription": "", + "title": "RequestHeaderConfiguration" + }, + "RoleArn": { + "markdownDescription": "The Amazon Resource Name (ARN) for for the role.", + "title": "RoleArn", + "type": "string" + }, + "Tags": { + "additionalProperties": true, + "markdownDescription": "The tags for the agent.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "title": "Tags", + "type": "object" + } + }, + "required": [ + "AgentRuntimeArtifact", + "AgentRuntimeName", + "NetworkConfiguration", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::Runtime" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.AgentRuntimeArtifact": { + "additionalProperties": false, + "properties": { + "CodeConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CodeConfiguration", + "markdownDescription": "", + "title": "CodeConfiguration" + }, + "ContainerConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.ContainerConfiguration", + "markdownDescription": "Representation of a container configuration.", + "title": "ContainerConfiguration" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.AuthorizerConfiguration": { + "additionalProperties": false, + "properties": { + "CustomJWTAuthorizer": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CustomJWTAuthorizerConfiguration", + "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", + "title": "CustomJWTAuthorizer" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.AuthorizingClaimMatchValueType": { + "additionalProperties": false, + "properties": { + "ClaimMatchOperator": { + "type": "string" + }, + "ClaimMatchValue": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.ClaimMatchValueType" + } + }, + "required": [ + "ClaimMatchOperator", + "ClaimMatchValue" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.ClaimMatchValueType": { + "additionalProperties": false, + "properties": { + "MatchValueString": { + "type": "string" + }, + "MatchValueStringList": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.Code": { + "additionalProperties": false, + "properties": { + "S3": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.S3Location", + "markdownDescription": "", + "title": "S3" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.CodeConfiguration": { + "additionalProperties": false, + "properties": { + "Code": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.Code", + "markdownDescription": "", + "title": "Code" + }, + "EntryPoint": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "EntryPoint", + "type": "array" + }, + "Runtime": { + "markdownDescription": "", + "title": "Runtime", + "type": "string" + } + }, + "required": [ + "Code", + "EntryPoint", + "Runtime" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.ContainerConfiguration": { + "additionalProperties": false, + "properties": { + "ContainerUri": { + "markdownDescription": "The container Uri.", + "title": "ContainerUri", + "type": "string" + } + }, + "required": [ + "ContainerUri" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.CustomClaimValidationType": { + "additionalProperties": false, + "properties": { + "AuthorizingClaimMatchValue": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AuthorizingClaimMatchValueType" + }, + "InboundTokenClaimName": { + "type": "string" + }, + "InboundTokenClaimValueType": { + "type": "string" + } + }, + "required": [ + "AuthorizingClaimMatchValue", + "InboundTokenClaimName", + "InboundTokenClaimValueType" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.CustomJWTAuthorizerConfiguration": { + "additionalProperties": false, + "properties": { + "AllowedAudience": { + "items": { + "type": "string" + }, + "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", + "title": "AllowedAudience", + "type": "array" + }, + "AllowedClients": { + "items": { + "type": "string" + }, + "markdownDescription": "Represents individual client IDs that are validated in the incoming JWT token validation process.", + "title": "AllowedClients", + "type": "array" + }, + "AllowedScopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CustomClaims": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CustomClaimValidationType" + }, + "type": "array" + }, + "DiscoveryUrl": { + "markdownDescription": "The configuration authorization.", + "title": "DiscoveryUrl", + "type": "string" + } + }, + "required": [ + "DiscoveryUrl" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.FilesystemConfiguration": { + "additionalProperties": false, + "properties": { + "SessionStorage": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.SessionStorageConfiguration" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.LifecycleConfiguration": { + "additionalProperties": false, + "properties": { + "IdleRuntimeSessionTimeout": { + "markdownDescription": "", + "title": "IdleRuntimeSessionTimeout", + "type": "number" + }, + "MaxLifetime": { + "markdownDescription": "", + "title": "MaxLifetime", + "type": "number" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.NetworkConfiguration": { + "additionalProperties": false, + "properties": { + "NetworkMode": { + "markdownDescription": "The network mode.", + "title": "NetworkMode", + "type": "string" + }, + "NetworkModeConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.VpcConfig", + "markdownDescription": "", + "title": "NetworkModeConfig" + } + }, + "required": [ + "NetworkMode" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.RequestHeaderConfiguration": { + "additionalProperties": false, + "properties": { + "RequestHeaderAllowlist": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "RequestHeaderAllowlist", + "type": "array" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.S3Location": { + "additionalProperties": false, + "properties": { + "Bucket": { + "markdownDescription": "", + "title": "Bucket", + "type": "string" + }, + "Prefix": { + "markdownDescription": "", + "title": "Prefix", + "type": "string" + }, + "VersionId": { + "markdownDescription": "", + "title": "VersionId", + "type": "string" + } + }, + "required": [ + "Bucket", + "Prefix" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.SessionStorageConfiguration": { + "additionalProperties": false, + "properties": { + "MountPath": { + "type": "string" + } + }, + "required": [ + "MountPath" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroups": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "SecurityGroups", + "type": "array" + }, + "Subnets": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "Subnets", + "type": "array" + } + }, + "required": [ + "SecurityGroups", + "Subnets" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.WorkloadIdentityDetails": { + "additionalProperties": false, + "properties": { + "WorkloadIdentityArn": { + "markdownDescription": "The Amazon Resource Name (ARN) for the workload identity.", + "title": "WorkloadIdentityArn", + "type": "string" + } + }, + "required": [ + "WorkloadIdentityArn" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::RuntimeEndpoint": { "additionalProperties": false, "properties": { "Condition": { @@ -46267,6 +48237,77 @@ ], "type": "object" }, + "AWS::BedrockMantle::Project": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockMantle::Project" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, "AWS::Billing::BillingView": { "additionalProperties": false, "properties": { @@ -47051,6 +49092,100 @@ }, "type": "object" }, + "AWS::Braket::SpendingLimit": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DeviceArn": { + "type": "string" + }, + "SpendingLimit": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TimePeriod": { + "$ref": "#/definitions/AWS::Braket::SpendingLimit.TimePeriod" + } + }, + "required": [ + "DeviceArn", + "SpendingLimit" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Braket::SpendingLimit" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Braket::SpendingLimit.TimePeriod": { + "additionalProperties": false, + "properties": { + "EndAt": { + "type": "string" + }, + "StartAt": { + "type": "string" + } + }, + "required": [ + "EndAt", + "StartAt" + ], + "type": "object" + }, "AWS::Budgets::Budget": { "additionalProperties": false, "properties": { @@ -48405,25 +50540,333 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "Description of a case rule.", + "markdownDescription": "Description of a case rule.", + "title": "Description", + "type": "string" + }, + "DomainId": { + "markdownDescription": "Unique identifier of a Cases domain.", + "title": "DomainId", + "type": "string" + }, + "Name": { + "markdownDescription": "Name of the case rule.", + "title": "Name", + "type": "string" + }, + "Rule": { + "$ref": "#/definitions/AWS::Cases::CaseRule.CaseRuleDetails", + "markdownDescription": "Represents what rule type should take place, under what conditions.", + "title": "Rule" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An array of key-value pairs to apply to this resource.", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "Name", + "Rule" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Cases::CaseRule" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Cases::CaseRule.BooleanCondition": { + "additionalProperties": false, + "properties": { + "EqualTo": { + "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanOperands", + "markdownDescription": "Tests that operandOne is equal to operandTwo.", + "title": "EqualTo" + }, + "NotEqualTo": { + "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanOperands", + "markdownDescription": "Tests that operandOne is not equal to operandTwo.", + "title": "NotEqualTo" + } + }, + "type": "object" + }, + "AWS::Cases::CaseRule.BooleanOperands": { + "additionalProperties": false, + "properties": { + "OperandOne": { + "$ref": "#/definitions/AWS::Cases::CaseRule.OperandOne", + "markdownDescription": "Represents the left hand operand in the condition.", + "title": "OperandOne" + }, + "OperandTwo": { + "$ref": "#/definitions/AWS::Cases::CaseRule.OperandTwo", + "markdownDescription": "Represents the right hand operand in the condition.", + "title": "OperandTwo" + }, + "Result": { + "markdownDescription": "The value of the outer rule if the condition evaluates to true.", + "title": "Result", + "type": "boolean" + } + }, + "required": [ + "OperandOne", + "OperandTwo", + "Result" + ], + "type": "object" + }, + "AWS::Cases::CaseRule.CaseRuleDetails": { + "additionalProperties": false, + "properties": { + "Hidden": { + "$ref": "#/definitions/AWS::Cases::CaseRule.HiddenCaseRule", + "markdownDescription": "Whether a field is visible, based on values in other fields.", + "title": "Hidden" + }, + "Required": { + "$ref": "#/definitions/AWS::Cases::CaseRule.RequiredCaseRule", + "markdownDescription": "Required rule type, used to indicate whether a field is required.", + "title": "Required" + } + }, + "type": "object" + }, + "AWS::Cases::CaseRule.HiddenCaseRule": { + "additionalProperties": false, + "properties": { + "Conditions": { + "items": { + "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanCondition" + }, + "markdownDescription": "A list of conditions that determine field visibility.", + "title": "Conditions", + "type": "array" + }, + "DefaultValue": { + "markdownDescription": "Whether the field is hidden when no conditions match.", + "title": "DefaultValue", + "type": "boolean" + } + }, + "required": [ + "Conditions", + "DefaultValue" + ], + "type": "object" + }, + "AWS::Cases::CaseRule.OperandOne": { + "additionalProperties": false, + "properties": { + "FieldId": { + "markdownDescription": "The field ID that this operand should take the value of.", + "title": "FieldId", + "type": "string" + } + }, + "required": [ + "FieldId" + ], + "type": "object" + }, + "AWS::Cases::CaseRule.OperandTwo": { + "additionalProperties": false, + "properties": { + "BooleanValue": { + "markdownDescription": "Boolean value type.", + "title": "BooleanValue", + "type": "boolean" + }, + "DoubleValue": { + "markdownDescription": "Double value type.", + "title": "DoubleValue", + "type": "number" + }, + "EmptyValue": { + "markdownDescription": "Represents an empty operand value. In the Amazon Connect admin website, case rules are known as *case field conditions* . For more information about case field conditions, see [Add case field conditions to a case template](https://docs.aws.amazon.com/connect/latest/adminguide/case-field-conditions.html) .", + "title": "EmptyValue", + "type": "object" + }, + "StringValue": { + "markdownDescription": "String value type.", + "title": "StringValue", + "type": "string" + } + }, + "type": "object" + }, + "AWS::Cases::CaseRule.RequiredCaseRule": { + "additionalProperties": false, + "properties": { + "Conditions": { + "items": { + "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanCondition" + }, + "markdownDescription": "List of conditions for the required rule; the first condition to evaluate to true dictates the value of the rule.", + "title": "Conditions", + "type": "array" + }, + "DefaultValue": { + "markdownDescription": "The value of the rule (that is, whether the field is required) should none of the conditions evaluate to true.", + "title": "DefaultValue", + "type": "boolean" + } + }, + "required": [ + "Conditions", + "DefaultValue" + ], + "type": "object" + }, + "AWS::Cases::Domain": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Name": { + "markdownDescription": "The name of the domain.", + "title": "Name", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An array of key-value pairs to apply to this resource.", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Cases::Domain" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Cases::Field": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Attributes": { + "$ref": "#/definitions/AWS::Cases::Field.FieldAttributes" + }, + "Description": { + "markdownDescription": "Description of the field.", "title": "Description", "type": "string" }, "DomainId": { - "markdownDescription": "Unique identifier of a Cases domain.", + "markdownDescription": "The unique identifier of the Cases domain.", "title": "DomainId", "type": "string" }, "Name": { - "markdownDescription": "Name of the case rule.", + "markdownDescription": "Name of the field.", "title": "Name", "type": "string" }, - "Rule": { - "$ref": "#/definitions/AWS::Cases::CaseRule.CaseRuleDetails", - "markdownDescription": "Represents what rule type should take place, under what conditions.", - "title": "Rule" - }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -48431,17 +50874,22 @@ "markdownDescription": "An array of key-value pairs to apply to this resource.", "title": "Tags", "type": "array" + }, + "Type": { + "markdownDescription": "Type of the field.", + "title": "Type", + "type": "string" } }, "required": [ "Name", - "Rule" + "Type" ], "type": "object" }, "Type": { "enum": [ - "AWS::Cases::CaseRule" + "AWS::Cases::Field" ], "type": "string" }, @@ -48460,313 +50908,24 @@ ], "type": "object" }, - "AWS::Cases::CaseRule.BooleanCondition": { - "additionalProperties": false, - "properties": { - "EqualTo": { - "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanOperands", - "markdownDescription": "Tests that operandOne is equal to operandTwo.", - "title": "EqualTo" - }, - "NotEqualTo": { - "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanOperands", - "markdownDescription": "Tests that operandOne is not equal to operandTwo.", - "title": "NotEqualTo" - } - }, - "type": "object" - }, - "AWS::Cases::CaseRule.BooleanOperands": { - "additionalProperties": false, - "properties": { - "OperandOne": { - "$ref": "#/definitions/AWS::Cases::CaseRule.OperandOne", - "markdownDescription": "Represents the left hand operand in the condition.", - "title": "OperandOne" - }, - "OperandTwo": { - "$ref": "#/definitions/AWS::Cases::CaseRule.OperandTwo", - "markdownDescription": "Represents the right hand operand in the condition.", - "title": "OperandTwo" - }, - "Result": { - "markdownDescription": "The value of the outer rule if the condition evaluates to true.", - "title": "Result", - "type": "boolean" - } - }, - "required": [ - "OperandOne", - "OperandTwo", - "Result" - ], - "type": "object" - }, - "AWS::Cases::CaseRule.CaseRuleDetails": { - "additionalProperties": false, - "properties": { - "Hidden": { - "$ref": "#/definitions/AWS::Cases::CaseRule.HiddenCaseRule", - "markdownDescription": "Whether a field is visible, based on values in other fields.", - "title": "Hidden" - }, - "Required": { - "$ref": "#/definitions/AWS::Cases::CaseRule.RequiredCaseRule", - "markdownDescription": "Required rule type, used to indicate whether a field is required.", - "title": "Required" - } - }, - "type": "object" - }, - "AWS::Cases::CaseRule.HiddenCaseRule": { + "AWS::Cases::Field.FieldAttributes": { "additionalProperties": false, "properties": { - "Conditions": { - "items": { - "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanCondition" - }, - "markdownDescription": "A list of conditions that determine field visibility.", - "title": "Conditions", - "type": "array" - }, - "DefaultValue": { - "markdownDescription": "Whether the field is hidden when no conditions match.", - "title": "DefaultValue", - "type": "boolean" - } - }, - "required": [ - "Conditions", - "DefaultValue" - ], - "type": "object" - }, - "AWS::Cases::CaseRule.OperandOne": { - "additionalProperties": false, - "properties": { - "FieldId": { - "markdownDescription": "The field ID that this operand should take the value of.", - "title": "FieldId", - "type": "string" - } - }, - "required": [ - "FieldId" - ], - "type": "object" - }, - "AWS::Cases::CaseRule.OperandTwo": { - "additionalProperties": false, - "properties": { - "BooleanValue": { - "markdownDescription": "Boolean value type.", - "title": "BooleanValue", - "type": "boolean" - }, - "DoubleValue": { - "markdownDescription": "Double value type.", - "title": "DoubleValue", - "type": "number" - }, - "EmptyValue": { - "markdownDescription": "Represents an empty operand value. In the Amazon Connect admin website, case rules are known as *case field conditions* . For more information about case field conditions, see [Add case field conditions to a case template](https://docs.aws.amazon.com/connect/latest/adminguide/case-field-conditions.html) .", - "title": "EmptyValue", - "type": "object" - }, - "StringValue": { - "markdownDescription": "String value type.", - "title": "StringValue", - "type": "string" + "Text": { + "$ref": "#/definitions/AWS::Cases::Field.TextAttributes" } }, "type": "object" }, - "AWS::Cases::CaseRule.RequiredCaseRule": { + "AWS::Cases::Field.TextAttributes": { "additionalProperties": false, "properties": { - "Conditions": { - "items": { - "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanCondition" - }, - "markdownDescription": "List of conditions for the required rule; the first condition to evaluate to true dictates the value of the rule.", - "title": "Conditions", - "type": "array" - }, - "DefaultValue": { - "markdownDescription": "The value of the rule (that is, whether the field is required) should none of the conditions evaluate to true.", - "title": "DefaultValue", + "IsMultiline": { "type": "boolean" } }, "required": [ - "Conditions", - "DefaultValue" - ], - "type": "object" - }, - "AWS::Cases::Domain": { - "additionalProperties": false, - "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "Name": { - "markdownDescription": "The name of the domain.", - "title": "Name", - "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "An array of key-value pairs to apply to this resource.", - "title": "Tags", - "type": "array" - } - }, - "required": [ - "Name" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::Cases::Domain" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type", - "Properties" - ], - "type": "object" - }, - "AWS::Cases::Field": { - "additionalProperties": false, - "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "Description": { - "markdownDescription": "Description of the field.", - "title": "Description", - "type": "string" - }, - "DomainId": { - "markdownDescription": "The unique identifier of the Cases domain.", - "title": "DomainId", - "type": "string" - }, - "Name": { - "markdownDescription": "Name of the field.", - "title": "Name", - "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "An array of key-value pairs to apply to this resource.", - "title": "Tags", - "type": "array" - }, - "Type": { - "markdownDescription": "Type of the field.", - "title": "Type", - "type": "string" - } - }, - "required": [ - "Name", - "Type" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::Cases::Field" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type", - "Properties" + "IsMultiline" ], "type": "object" }, @@ -51444,6 +53603,9 @@ "AWS::CleanRooms::ConfiguredTable.AthenaTableReference": { "additionalProperties": false, "properties": { + "CatalogName": { + "type": "string" + }, "DatabaseName": { "markdownDescription": "The database name.", "title": "DatabaseName", @@ -52571,46 +54733,330 @@ "Properties": { "additionalProperties": false, "properties": { - "AutoRefresh": { - "markdownDescription": "How often the privacy budget refreshes.\n\n> If you plan to regularly bring new data into the collaboration, use `CALENDAR_MONTH` to automatically get a new privacy budget for the collaboration every calendar month. Choosing this option allows arbitrary amounts of information to be revealed about rows of the data when repeatedly queried across refreshes. Avoid choosing this if the same rows will be repeatedly queried between privacy budget refreshes.", - "title": "AutoRefresh", + "AutoRefresh": { + "markdownDescription": "How often the privacy budget refreshes.\n\n> If you plan to regularly bring new data into the collaboration, use `CALENDAR_MONTH` to automatically get a new privacy budget for the collaboration every calendar month. Choosing this option allows arbitrary amounts of information to be revealed about rows of the data when repeatedly queried across refreshes. Avoid choosing this if the same rows will be repeatedly queried between privacy budget refreshes.", + "title": "AutoRefresh", + "type": "string" + }, + "MembershipIdentifier": { + "markdownDescription": "The identifier for a membership resource.", + "title": "MembershipIdentifier", + "type": "string" + }, + "Parameters": { + "$ref": "#/definitions/AWS::CleanRooms::PrivacyBudgetTemplate.Parameters", + "markdownDescription": "Specifies the epsilon and noise parameters for the privacy budget template.", + "title": "Parameters" + }, + "PrivacyBudgetType": { + "markdownDescription": "Specifies the type of the privacy budget template.", + "title": "PrivacyBudgetType", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An optional label that you can assign to a resource when you create it. Each tag consists of a key and an optional value, both of which you define. When you use tagging, you can also use tag-based access control in IAM policies to control access to this resource.", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "AutoRefresh", + "MembershipIdentifier", + "Parameters", + "PrivacyBudgetType" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CleanRooms::PrivacyBudgetTemplate" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CleanRooms::PrivacyBudgetTemplate.BudgetParameter": { + "additionalProperties": false, + "properties": { + "AutoRefresh": { + "markdownDescription": "Whether this individual budget parameter automatically refreshes when the budget period resets.", + "title": "AutoRefresh", + "type": "string" + }, + "Budget": { + "markdownDescription": "The budget allocation amount for this specific parameter.", + "title": "Budget", + "type": "number" + }, + "Type": { + "markdownDescription": "The type of budget parameter being configured.", + "title": "Type", + "type": "string" + } + }, + "required": [ + "Budget", + "Type" + ], + "type": "object" + }, + "AWS::CleanRooms::PrivacyBudgetTemplate.Parameters": { + "additionalProperties": false, + "properties": { + "BudgetParameters": { + "items": { + "$ref": "#/definitions/AWS::CleanRooms::PrivacyBudgetTemplate.BudgetParameter" + }, + "markdownDescription": "", + "title": "BudgetParameters", + "type": "array" + }, + "Epsilon": { + "markdownDescription": "The epsilon value that you want to use.", + "title": "Epsilon", + "type": "number" + }, + "ResourceArn": { + "markdownDescription": "", + "title": "ResourceArn", + "type": "string" + }, + "UsersNoisePerQuery": { + "markdownDescription": "Noise added per query is measured in terms of the number of users whose contributions you want to obscure. This value governs the rate at which the privacy budget is depleted.", + "title": "UsersNoisePerQuery", + "type": "number" + } + }, + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithm": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "InferenceContainerConfig": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithm.InferenceContainerConfig" + }, + "KmsKeyArn": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "RoleArn": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TrainingContainerConfig": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithm.ContainerConfig" + } + }, + "required": [ + "Name", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CleanRoomsML::ConfiguredModelAlgorithm" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithm.ContainerConfig": { + "additionalProperties": false, + "properties": { + "Arguments": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Entrypoint": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ImageUri": { + "type": "string" + }, + "MetricDefinitions": { + "items": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithm.MetricDefinition" + }, + "type": "array" + } + }, + "required": [ + "ImageUri" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithm.InferenceContainerConfig": { + "additionalProperties": false, + "properties": { + "ImageUri": { + "type": "string" + } + }, + "required": [ + "ImageUri" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithm.MetricDefinition": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Regex": { + "type": "string" + } + }, + "required": [ + "Name", + "Regex" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ConfiguredModelAlgorithmArn": { "type": "string" }, - "MembershipIdentifier": { - "markdownDescription": "The identifier for a membership resource.", - "title": "MembershipIdentifier", + "Description": { "type": "string" }, - "Parameters": { - "$ref": "#/definitions/AWS::CleanRooms::PrivacyBudgetTemplate.Parameters", - "markdownDescription": "Specifies the epsilon and noise parameters for the privacy budget template.", - "title": "Parameters" + "MembershipIdentifier": { + "type": "string" }, - "PrivacyBudgetType": { - "markdownDescription": "Specifies the type of the privacy budget template.", - "title": "PrivacyBudgetType", + "Name": { "type": "string" }, + "PrivacyConfiguration": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.PrivacyConfiguration" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An optional label that you can assign to a resource when you create it. Each tag consists of a key and an optional value, both of which you define. When you use tagging, you can also use tag-based access control in IAM policies to control access to this resource.", - "title": "Tags", "type": "array" } }, "required": [ - "AutoRefresh", + "ConfiguredModelAlgorithmArn", "MembershipIdentifier", - "Parameters", - "PrivacyBudgetType" + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::CleanRooms::PrivacyBudgetTemplate" + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation" ], "type": "string" }, @@ -52629,58 +55075,200 @@ ], "type": "object" }, - "AWS::CleanRooms::PrivacyBudgetTemplate.BudgetParameter": { + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.CustomEntityConfig": { "additionalProperties": false, "properties": { - "AutoRefresh": { - "markdownDescription": "Whether this individual budget parameter automatically refreshes when the budget period resets.", - "title": "AutoRefresh", + "CustomDataIdentifiers": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "CustomDataIdentifiers" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.LogRedactionConfiguration": { + "additionalProperties": false, + "properties": { + "CustomEntityConfig": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.CustomEntityConfig" + }, + "EntitiesToRedact": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "EntitiesToRedact" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.LogsConfigurationPolicy": { + "additionalProperties": false, + "properties": { + "AllowedAccountIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "FilterPattern": { "type": "string" }, - "Budget": { - "markdownDescription": "The budget allocation amount for this specific parameter.", - "title": "Budget", - "type": "number" + "LogRedactionConfiguration": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.LogRedactionConfiguration" }, - "Type": { - "markdownDescription": "The type of budget parameter being configured.", - "title": "Type", + "LogType": { "type": "string" } }, "required": [ - "Budget", - "Type" + "AllowedAccountIds" ], "type": "object" }, - "AWS::CleanRooms::PrivacyBudgetTemplate.Parameters": { + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.MetricsConfigurationPolicy": { "additionalProperties": false, "properties": { - "BudgetParameters": { + "NoiseLevel": { + "type": "string" + } + }, + "required": [ + "NoiseLevel" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.PrivacyConfiguration": { + "additionalProperties": false, + "properties": { + "Policies": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.PrivacyConfigurationPolicies" + } + }, + "required": [ + "Policies" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.PrivacyConfigurationPolicies": { + "additionalProperties": false, + "properties": { + "TrainedModelExports": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelExportsConfigurationPolicy" + }, + "TrainedModelInferenceJobs": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelInferenceJobsConfigurationPolicy" + }, + "TrainedModels": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelsConfigurationPolicy" + } + }, + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelArtifactMaxSize": { + "additionalProperties": false, + "properties": { + "Unit": { + "type": "string" + }, + "Value": { + "type": "number" + } + }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelExportsConfigurationPolicy": { + "additionalProperties": false, + "properties": { + "FilesToExport": { "items": { - "$ref": "#/definitions/AWS::CleanRooms::PrivacyBudgetTemplate.BudgetParameter" + "type": "string" }, - "markdownDescription": "", - "title": "BudgetParameters", "type": "array" }, - "Epsilon": { - "markdownDescription": "The epsilon value that you want to use.", - "title": "Epsilon", + "MaxSize": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelExportsMaxSize" + } + }, + "required": [ + "FilesToExport", + "MaxSize" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelExportsMaxSize": { + "additionalProperties": false, + "properties": { + "Unit": { + "type": "string" + }, + "Value": { "type": "number" + } + }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelInferenceJobsConfigurationPolicy": { + "additionalProperties": false, + "properties": { + "ContainerLogs": { + "items": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.LogsConfigurationPolicy" + }, + "type": "array" }, - "ResourceArn": { - "markdownDescription": "", - "title": "ResourceArn", + "MaxOutputSize": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelInferenceMaxOutputSize" + } + }, + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelInferenceMaxOutputSize": { + "additionalProperties": false, + "properties": { + "Unit": { "type": "string" }, - "UsersNoisePerQuery": { - "markdownDescription": "Noise added per query is measured in terms of the number of users whose contributions you want to obscure. This value governs the rate at which the privacy budget is depleted.", - "title": "UsersNoisePerQuery", + "Value": { "type": "number" } }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelsConfigurationPolicy": { + "additionalProperties": false, + "properties": { + "ContainerLogs": { + "items": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.LogsConfigurationPolicy" + }, + "type": "array" + }, + "ContainerMetrics": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.MetricsConfigurationPolicy" + }, + "MaxArtifactSize": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelArtifactMaxSize" + } + }, "type": "object" }, "AWS::CleanRoomsML::TrainingDataset": { @@ -60423,6 +63011,12 @@ "title": "EvaluateLowSampleCountPercentile", "type": "string" }, + "EvaluationCriteria": { + "$ref": "#/definitions/AWS::CloudWatch::Alarm.EvaluationCriteria" + }, + "EvaluationInterval": { + "type": "number" + }, "EvaluationPeriods": { "markdownDescription": "The number of periods over which data is compared to the specified threshold. If you are setting an alarm that requires that a number of consecutive data points be breaching to trigger the alarm, this value specifies that number. If you are setting an \"M out of N\" alarm, this value is the N, and `DatapointsToAlarm` is the M.\n\nFor more information, see [Evaluating an Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarm-evaluation) in the *Amazon CloudWatch User Guide* .", "title": "EvaluationPeriods", @@ -60506,10 +63100,6 @@ "type": "string" } }, - "required": [ - "ComparisonOperator", - "EvaluationPeriods" - ], "type": "object" }, "Type": { @@ -60528,11 +63118,25 @@ } }, "required": [ - "Type", - "Properties" + "Type" ], "type": "object" }, + "AWS::CloudWatch::Alarm.AlarmPromQLCriteria": { + "additionalProperties": false, + "properties": { + "PendingPeriod": { + "type": "number" + }, + "Query": { + "type": "string" + }, + "RecoveryPeriod": { + "type": "number" + } + }, + "type": "object" + }, "AWS::CloudWatch::Alarm.Dimension": { "additionalProperties": false, "properties": { @@ -60553,6 +63157,15 @@ ], "type": "object" }, + "AWS::CloudWatch::Alarm.EvaluationCriteria": { + "additionalProperties": false, + "properties": { + "PromQLCriteria": { + "$ref": "#/definitions/AWS::CloudWatch::Alarm.AlarmPromQLCriteria" + } + }, + "type": "object" + }, "AWS::CloudWatch::Alarm.Metric": { "additionalProperties": false, "properties": { @@ -69750,6 +72363,255 @@ ], "type": "object" }, + "AWS::ComputeOptimizer::AutomationRule": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Criteria": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.Criteria" + }, + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "OrganizationConfiguration": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.OrganizationConfiguration" + }, + "Priority": { + "type": "string" + }, + "RecommendedActionTypes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "RuleType": { + "type": "string" + }, + "Schedule": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.Schedule" + }, + "Status": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Name", + "RecommendedActionTypes", + "RuleType", + "Schedule", + "Status" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::ComputeOptimizer::AutomationRule" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.Criteria": { + "additionalProperties": false, + "properties": { + "EbsVolumeSizeInGib": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.IntegerCriteriaCondition" + }, + "type": "array" + }, + "EbsVolumeType": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.StringCriteriaCondition" + }, + "type": "array" + }, + "EstimatedMonthlySavings": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.DoubleCriteriaCondition" + }, + "type": "array" + }, + "LookBackPeriodInDays": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.IntegerCriteriaCondition" + }, + "type": "array" + }, + "Region": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.StringCriteriaCondition" + }, + "type": "array" + }, + "ResourceArn": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.StringCriteriaCondition" + }, + "type": "array" + }, + "ResourceTag": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.ResourceTagsCriteriaCondition" + }, + "type": "array" + }, + "RestartNeeded": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.StringCriteriaCondition" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.DoubleCriteriaCondition": { + "additionalProperties": false, + "properties": { + "Comparison": { + "type": "string" + }, + "Values": { + "items": { + "type": "number" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.IntegerCriteriaCondition": { + "additionalProperties": false, + "properties": { + "Comparison": { + "type": "string" + }, + "Values": { + "items": { + "type": "number" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.OrganizationConfiguration": { + "additionalProperties": false, + "properties": { + "AccountIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "RuleApplyOrder": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.ResourceTagsCriteriaCondition": { + "additionalProperties": false, + "properties": { + "Comparison": { + "type": "string" + }, + "Key": { + "type": "string" + }, + "Values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.Schedule": { + "additionalProperties": false, + "properties": { + "ExecutionWindowInMinutes": { + "type": "number" + }, + "ScheduleExpression": { + "type": "string" + }, + "ScheduleExpressionTimezone": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.StringCriteriaCondition": { + "additionalProperties": false, + "properties": { + "Comparison": { + "type": "string" + }, + "Values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::Config::AggregationAuthorization": { "additionalProperties": false, "properties": { @@ -71342,32 +74204,320 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "The description of the agent status.", + "markdownDescription": "The description of the agent status.", + "title": "Description", + "type": "string" + }, + "DisplayOrder": { + "markdownDescription": "The display order of the agent status.", + "title": "DisplayOrder", + "type": "number" + }, + "InstanceArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the instance.", + "title": "InstanceArn", + "type": "string" + }, + "Name": { + "markdownDescription": "The name of the agent status.", + "title": "Name", + "type": "string" + }, + "ResetOrderNumber": { + "markdownDescription": "A number indicating the reset order of the agent status.", + "title": "ResetOrderNumber", + "type": "boolean" + }, + "State": { + "markdownDescription": "The state of the agent status.", + "title": "State", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.", + "title": "Tags", + "type": "array" + }, + "Type": { + "markdownDescription": "The type of agent status.", + "title": "Type", + "type": "string" + } + }, + "required": [ + "InstanceArn", + "Name", + "State" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Connect::AgentStatus" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Connect::ApprovedOrigin": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "InstanceId": { + "markdownDescription": "The Amazon Resource Name (ARN) of the instance.\n\n*Minimum* : `1`\n\n*Maximum* : `100`", + "title": "InstanceId", + "type": "string" + }, + "Origin": { + "markdownDescription": "Domain name to be added to the allow-list of the instance.\n\n*Maximum* : `267`", + "title": "Origin", + "type": "string" + } + }, + "required": [ + "InstanceId", + "Origin" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Connect::ApprovedOrigin" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Connect::ContactFlow": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Content": { + "markdownDescription": "The content of the flow.\n\nFor more information, see [Amazon Connect Flow language](https://docs.aws.amazon.com/connect/latest/adminguide/flow-language.html) in the *Amazon Connect Administrator Guide* .", + "title": "Content", + "type": "string" + }, + "Description": { + "markdownDescription": "The description of the flow.", + "title": "Description", + "type": "string" + }, + "InstanceArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the Amazon Connect instance.", + "title": "InstanceArn", + "type": "string" + }, + "Name": { + "markdownDescription": "The name of the flow.", + "title": "Name", + "type": "string" + }, + "State": { + "markdownDescription": "The state of the flow.", + "title": "State", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "title": "Tags", + "type": "array" + }, + "Type": { + "markdownDescription": "The type of the flow. For descriptions of the available types, see [Choose a flow type](https://docs.aws.amazon.com/connect/latest/adminguide/create-contact-flow.html#contact-flow-types) in the *Amazon Connect Administrator Guide* .", + "title": "Type", + "type": "string" + } + }, + "required": [ + "Content", + "InstanceArn", + "Name", + "Type" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Connect::ContactFlow" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Connect::ContactFlowModule": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Content": { + "markdownDescription": "The content of the flow module.", + "title": "Content", + "type": "string" + }, + "Description": { + "markdownDescription": "The description of the flow module.", "title": "Description", "type": "string" }, - "DisplayOrder": { - "markdownDescription": "The display order of the agent status.", - "title": "DisplayOrder", - "type": "number" + "ExternalInvocationConfiguration": { + "$ref": "#/definitions/AWS::Connect::ContactFlowModule.ExternalInvocationConfiguration", + "markdownDescription": "The external invocation configuration for the flow module", + "title": "ExternalInvocationConfiguration" }, "InstanceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the instance.", + "markdownDescription": "The Amazon Resource Name (ARN) of the Amazon Connect instance.", "title": "InstanceArn", "type": "string" }, "Name": { - "markdownDescription": "The name of the agent status.", + "markdownDescription": "The name of the flow module.", "title": "Name", "type": "string" }, - "ResetOrderNumber": { - "markdownDescription": "A number indicating the reset order of the agent status.", - "title": "ResetOrderNumber", - "type": "boolean" + "Settings": { + "markdownDescription": "The configuration settings for the flow module.", + "title": "Settings", + "type": "string" }, "State": { - "markdownDescription": "The state of the agent status.", + "markdownDescription": "The state of the flow module.", "title": "State", "type": "string" }, @@ -71375,26 +74525,21 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.", + "markdownDescription": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", "title": "Tags", "type": "array" - }, - "Type": { - "markdownDescription": "The type of agent status.", - "title": "Type", - "type": "string" } }, "required": [ + "Content", "InstanceArn", - "Name", - "State" + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::Connect::AgentStatus" + "AWS::Connect::ContactFlowModule" ], "type": "string" }, @@ -71413,80 +74558,21 @@ ], "type": "object" }, - "AWS::Connect::ApprovedOrigin": { + "AWS::Connect::ContactFlowModule.ExternalInvocationConfiguration": { "additionalProperties": false, "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "InstanceId": { - "markdownDescription": "The Amazon Resource Name (ARN) of the instance.\n\n*Minimum* : `1`\n\n*Maximum* : `100`", - "title": "InstanceId", - "type": "string" - }, - "Origin": { - "markdownDescription": "Domain name to be added to the allow-list of the instance.\n\n*Maximum* : `267`", - "title": "Origin", - "type": "string" - } - }, - "required": [ - "InstanceId", - "Origin" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::Connect::ApprovedOrigin" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" + "Enabled": { + "markdownDescription": "Enable external invocation.", + "title": "Enabled", + "type": "boolean" } }, "required": [ - "Type", - "Properties" + "Enabled" ], "type": "object" }, - "AWS::Connect::ContactFlow": { + "AWS::Connect::ContactFlowModuleAlias": { "additionalProperties": false, "properties": { "Condition": { @@ -71521,56 +74607,29 @@ "Properties": { "additionalProperties": false, "properties": { - "Content": { - "markdownDescription": "The content of the flow.\n\nFor more information, see [Amazon Connect Flow language](https://docs.aws.amazon.com/connect/latest/adminguide/flow-language.html) in the *Amazon Connect Administrator Guide* .", - "title": "Content", + "ContactFlowModuleId": { "type": "string" }, - "Description": { - "markdownDescription": "The description of the flow.", - "title": "Description", - "type": "string" + "ContactFlowModuleVersion": { + "type": "number" }, - "InstanceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the Amazon Connect instance.", - "title": "InstanceArn", + "Description": { "type": "string" }, "Name": { - "markdownDescription": "The name of the flow.", - "title": "Name", - "type": "string" - }, - "State": { - "markdownDescription": "The state of the flow.", - "title": "State", - "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", - "title": "Tags", - "type": "array" - }, - "Type": { - "markdownDescription": "The type of the flow. For descriptions of the available types, see [Choose a flow type](https://docs.aws.amazon.com/connect/latest/adminguide/create-contact-flow.html#contact-flow-types) in the *Amazon Connect Administrator Guide* .", - "title": "Type", "type": "string" } }, "required": [ - "Content", - "InstanceArn", - "Name", - "Type" + "ContactFlowModuleId", + "ContactFlowModuleVersion", + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::Connect::ContactFlow" + "AWS::Connect::ContactFlowModuleAlias" ], "type": "string" }, @@ -71589,7 +74648,7 @@ ], "type": "object" }, - "AWS::Connect::ContactFlowModule": { + "AWS::Connect::ContactFlowModuleVersion": { "additionalProperties": false, "properties": { "Condition": { @@ -71624,60 +74683,21 @@ "Properties": { "additionalProperties": false, "properties": { - "Content": { - "markdownDescription": "The content of the flow module.", - "title": "Content", + "ContactFlowModuleId": { "type": "string" }, "Description": { - "markdownDescription": "The description of the flow module.", - "title": "Description", "type": "string" - }, - "ExternalInvocationConfiguration": { - "$ref": "#/definitions/AWS::Connect::ContactFlowModule.ExternalInvocationConfiguration", - "markdownDescription": "The external invocation configuration for the flow module", - "title": "ExternalInvocationConfiguration" - }, - "InstanceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the Amazon Connect instance.", - "title": "InstanceArn", - "type": "string" - }, - "Name": { - "markdownDescription": "The name of the flow module.", - "title": "Name", - "type": "string" - }, - "Settings": { - "markdownDescription": "The configuration settings for the flow module.", - "title": "Settings", - "type": "string" - }, - "State": { - "markdownDescription": "The state of the flow module.", - "title": "State", - "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", - "title": "Tags", - "type": "array" } }, "required": [ - "Content", - "InstanceArn", - "Name" + "ContactFlowModuleId" ], "type": "object" }, "Type": { "enum": [ - "AWS::Connect::ContactFlowModule" + "AWS::Connect::ContactFlowModuleVersion" ], "type": "string" }, @@ -71696,20 +74716,6 @@ ], "type": "object" }, - "AWS::Connect::ContactFlowModule.ExternalInvocationConfiguration": { - "additionalProperties": false, - "properties": { - "Enabled": { - "markdownDescription": "Enable external invocation.", - "title": "Enabled", - "type": "boolean" - } - }, - "required": [ - "Enabled" - ], - "type": "object" - }, "AWS::Connect::ContactFlowVersion": { "additionalProperties": false, "properties": { @@ -74443,6 +77449,12 @@ "Properties": { "additionalProperties": false, "properties": { + "AdditionalEmailAddresses": { + "items": { + "$ref": "#/definitions/AWS::Connect::Queue.EmailAddress" + }, + "type": "array" + }, "Description": { "markdownDescription": "The description of the queue.", "title": "Description", @@ -74528,6 +77540,18 @@ ], "type": "object" }, + "AWS::Connect::Queue.EmailAddress": { + "additionalProperties": false, + "properties": { + "EmailAddressArn": { + "type": "string" + } + }, + "required": [ + "EmailAddressArn" + ], + "type": "object" + }, "AWS::Connect::Queue.OutboundCallerConfig": { "additionalProperties": false, "properties": { @@ -75504,6 +78528,12 @@ "title": "AllowedAccessControlTags", "type": "array" }, + "AllowedFlowModules": { + "items": { + "$ref": "#/definitions/AWS::Connect::SecurityProfile.FlowModule" + }, + "type": "array" + }, "Applications": { "items": { "$ref": "#/definitions/AWS::Connect::SecurityProfile.Application" @@ -75607,6 +78637,9 @@ "markdownDescription": "Namespace of the application that you want to give access to.", "title": "Namespace", "type": "string" + }, + "Type": { + "type": "string" } }, "required": [ @@ -75626,6 +78659,22 @@ }, "type": "object" }, + "AWS::Connect::SecurityProfile.FlowModule": { + "additionalProperties": false, + "properties": { + "FlowModuleId": { + "type": "string" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "FlowModuleId", + "Type" + ], + "type": "object" + }, "AWS::Connect::SecurityProfile.GranularAccessControlConfiguration": { "additionalProperties": false, "properties": { @@ -77500,6 +80549,9 @@ "title": "ConnectInstanceId", "type": "string" }, + "EntryLimitsConfig": { + "$ref": "#/definitions/AWS::ConnectCampaignsV2::Campaign.EntryLimitsConfig" + }, "Name": { "markdownDescription": "The name of the outbound campaign.", "title": "Name", @@ -77771,6 +80823,22 @@ }, "type": "object" }, + "AWS::ConnectCampaignsV2::Campaign.EntryLimitsConfig": { + "additionalProperties": false, + "properties": { + "MaxEntryCount": { + "type": "number" + }, + "MinEntryInterval": { + "type": "string" + } + }, + "required": [ + "MaxEntryCount", + "MinEntryInterval" + ], + "type": "object" + }, "AWS::ConnectCampaignsV2::Campaign.EventTrigger": { "additionalProperties": false, "properties": { @@ -79592,6 +82660,9 @@ "title": "ObjectTypeNames", "type": "array" }, + "Scope": { + "type": "string" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -80112,6 +83183,9 @@ "title": "SourceLastUpdatedTimestampFormat", "type": "string" }, + "SourcePriority": { + "type": "number" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -80232,6 +83306,187 @@ }, "type": "object" }, + "AWS::CustomerProfiles::Recommender": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "DomainName": { + "type": "string" + }, + "RecommenderConfig": { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender.RecommenderConfig" + }, + "RecommenderName": { + "type": "string" + }, + "RecommenderRecipeName": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "DomainName", + "RecommenderName", + "RecommenderRecipeName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CustomerProfiles::Recommender" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.EventParameters": { + "additionalProperties": false, + "properties": { + "EventType": { + "type": "string" + }, + "EventValueThreshold": { + "type": "number" + } + }, + "required": [ + "EventType" + ], + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.EventsConfig": { + "additionalProperties": false, + "properties": { + "EventParametersList": { + "items": { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender.EventParameters" + }, + "type": "array" + } + }, + "required": [ + "EventParametersList" + ], + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.Metrics": { + "additionalProperties": false, + "properties": { + "coverage": { + "type": "number" + }, + "freshness": { + "type": "number" + }, + "hit": { + "type": "number" + }, + "popularity": { + "type": "number" + }, + "recall": { + "type": "number" + }, + "similarity": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.RecommenderConfig": { + "additionalProperties": false, + "properties": { + "EventsConfig": { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender.EventsConfig" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.RecommenderUpdate": { + "additionalProperties": false, + "properties": { + "CreationDateTime": { + "type": "string" + }, + "FailureReason": { + "type": "string" + }, + "LastUpdatedDateTime": { + "type": "string" + }, + "RecommenderConfig": { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender.RecommenderConfig" + }, + "Status": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.TrainingMetrics": { + "additionalProperties": false, + "properties": { + "Metrics": { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender.Metrics" + }, + "Time": { + "type": "string" + } + }, + "type": "object" + }, "AWS::CustomerProfiles::SegmentDefinition": { "additionalProperties": false, "properties": { @@ -80292,6 +83547,9 @@ "markdownDescription": "Contains all groups of the segment definition.", "title": "SegmentGroups" }, + "SegmentSort": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.SegmentSort" + }, "SegmentSqlQuery": { "markdownDescription": "", "title": "SegmentSqlQuery", @@ -80455,295 +83713,332 @@ ], "type": "object" }, - "AWS::CustomerProfiles::SegmentDefinition.Dimension": { + "AWS::CustomerProfiles::SegmentDefinition.Dimension": { + "additionalProperties": false, + "properties": { + "CalculatedAttributes": { + "additionalProperties": false, + "markdownDescription": "Object that holds the calculated attributes to segment on.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.CalculatedAttributeDimension" + } + }, + "title": "CalculatedAttributes", + "type": "object" + }, + "ProfileAttributes": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileAttributes", + "markdownDescription": "Object that holds the profile attributes to segment on.", + "title": "ProfileAttributes" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.ExtraLengthValueProfileDimension": { + "additionalProperties": false, + "properties": { + "DimensionType": { + "markdownDescription": "The action to segment with.", + "title": "DimensionType", + "type": "string" + }, + "Values": { + "items": { + "type": "string" + }, + "markdownDescription": "The values to apply the DimensionType on.", + "title": "Values", + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.Group": { + "additionalProperties": false, + "properties": { + "Dimensions": { + "items": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.Dimension" + }, + "markdownDescription": "Defines the attributes to segment on.", + "title": "Dimensions", + "type": "array" + }, + "SourceSegments": { + "items": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.SourceSegment" + }, + "markdownDescription": "Defines the starting source of data.", + "title": "SourceSegments", + "type": "array" + }, + "SourceType": { + "markdownDescription": "Defines how to interact with the source data.", + "title": "SourceType", + "type": "string" + }, + "Type": { + "markdownDescription": "Defines how to interact with the profiles found in the current filtering.", + "title": "Type", + "type": "string" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.ProfileAttributes": { + "additionalProperties": false, + "properties": { + "AccountNumber": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within account number.", + "title": "AccountNumber" + }, + "AdditionalInformation": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ExtraLengthValueProfileDimension", + "markdownDescription": "A field to describe values to segment on within additional information.", + "title": "AdditionalInformation" + }, + "Address": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", + "markdownDescription": "A field to describe values to segment on within address.", + "title": "Address" + }, + "Attributes": { + "additionalProperties": false, + "markdownDescription": "A field to describe values to segment on within attributes.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AttributeDimension" + } + }, + "title": "Attributes", + "type": "object" + }, + "BillingAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", + "markdownDescription": "A field to describe values to segment on within billing address.", + "title": "BillingAddress" + }, + "BirthDate": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.DateDimension", + "markdownDescription": "A field to describe values to segment on within birthDate.", + "title": "BirthDate" + }, + "BusinessEmailAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within business email address.", + "title": "BusinessEmailAddress" + }, + "BusinessName": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within business name.", + "title": "BusinessName" + }, + "BusinessPhoneNumber": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within business phone number.", + "title": "BusinessPhoneNumber" + }, + "EmailAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within email address.", + "title": "EmailAddress" + }, + "FirstName": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within first name.", + "title": "FirstName" + }, + "GenderString": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within genderString.", + "title": "GenderString" + }, + "HomePhoneNumber": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within home phone number.", + "title": "HomePhoneNumber" + }, + "LastName": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within last name.", + "title": "LastName" + }, + "MailingAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", + "markdownDescription": "A field to describe values to segment on within mailing address.", + "title": "MailingAddress" + }, + "MiddleName": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within middle name.", + "title": "MiddleName" + }, + "MobilePhoneNumber": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within mobile phone number.", + "title": "MobilePhoneNumber" + }, + "PartyTypeString": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within partyTypeString.", + "title": "PartyTypeString" + }, + "PersonalEmailAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within personal email address.", + "title": "PersonalEmailAddress" + }, + "PhoneNumber": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within phone number.", + "title": "PhoneNumber" + }, + "ProfileType": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileTypeDimension", + "markdownDescription": "The type of profile.", + "title": "ProfileType" + }, + "ShippingAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", + "markdownDescription": "A field to describe values to segment on within shipping address.", + "title": "ShippingAddress" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.ProfileDimension": { + "additionalProperties": false, + "properties": { + "DimensionType": { + "markdownDescription": "The action to segment on.", + "title": "DimensionType", + "type": "string" + }, + "Values": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "Values", + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.ProfileTypeDimension": { + "additionalProperties": false, + "properties": { + "DimensionType": { + "markdownDescription": "The action to segment on.", + "title": "DimensionType", + "type": "string" + }, + "Values": { + "items": { + "type": "string" + }, + "markdownDescription": "The values to apply the DimensionType on.", + "title": "Values", + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.RangeOverride": { "additionalProperties": false, "properties": { - "CalculatedAttributes": { - "additionalProperties": false, - "markdownDescription": "Object that holds the calculated attributes to segment on.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.CalculatedAttributeDimension" - } - }, - "title": "CalculatedAttributes", - "type": "object" + "End": { + "markdownDescription": "The end time of when to include objects.", + "title": "End", + "type": "number" }, - "ProfileAttributes": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileAttributes", - "markdownDescription": "Object that holds the profile attributes to segment on.", - "title": "ProfileAttributes" - } - }, - "type": "object" - }, - "AWS::CustomerProfiles::SegmentDefinition.ExtraLengthValueProfileDimension": { - "additionalProperties": false, - "properties": { - "DimensionType": { - "markdownDescription": "The action to segment with.", - "title": "DimensionType", - "type": "string" + "Start": { + "markdownDescription": "The start time of when to include objects.", + "title": "Start", + "type": "number" }, - "Values": { - "items": { - "type": "string" - }, - "markdownDescription": "The values to apply the DimensionType on.", - "title": "Values", - "type": "array" + "Unit": { + "markdownDescription": "The unit for start and end.", + "title": "Unit", + "type": "string" } }, "required": [ - "DimensionType", - "Values" + "Start", + "Unit" ], "type": "object" }, - "AWS::CustomerProfiles::SegmentDefinition.Group": { + "AWS::CustomerProfiles::SegmentDefinition.SegmentGroup": { "additionalProperties": false, "properties": { - "Dimensions": { - "items": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.Dimension" - }, - "markdownDescription": "Defines the attributes to segment on.", - "title": "Dimensions", - "type": "array" - }, - "SourceSegments": { + "Groups": { "items": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.SourceSegment" + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.Group" }, - "markdownDescription": "Defines the starting source of data.", - "title": "SourceSegments", + "markdownDescription": "Holds the list of groups within the segment definition.", + "title": "Groups", "type": "array" }, - "SourceType": { - "markdownDescription": "Defines how to interact with the source data.", - "title": "SourceType", - "type": "string" - }, - "Type": { - "markdownDescription": "Defines how to interact with the profiles found in the current filtering.", - "title": "Type", + "Include": { + "markdownDescription": "Defines whether to include or exclude the profiles that fit the segment criteria.", + "title": "Include", "type": "string" } }, "type": "object" }, - "AWS::CustomerProfiles::SegmentDefinition.ProfileAttributes": { + "AWS::CustomerProfiles::SegmentDefinition.SegmentSort": { "additionalProperties": false, "properties": { - "AccountNumber": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within account number.", - "title": "AccountNumber" - }, - "AdditionalInformation": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ExtraLengthValueProfileDimension", - "markdownDescription": "A field to describe values to segment on within additional information.", - "title": "AdditionalInformation" - }, - "Address": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", - "markdownDescription": "A field to describe values to segment on within address.", - "title": "Address" - }, "Attributes": { - "additionalProperties": false, - "markdownDescription": "A field to describe values to segment on within attributes.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AttributeDimension" - } - }, - "title": "Attributes", - "type": "object" - }, - "BillingAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", - "markdownDescription": "A field to describe values to segment on within billing address.", - "title": "BillingAddress" - }, - "BirthDate": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.DateDimension", - "markdownDescription": "A field to describe values to segment on within birthDate.", - "title": "BirthDate" - }, - "BusinessEmailAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within business email address.", - "title": "BusinessEmailAddress" - }, - "BusinessName": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within business name.", - "title": "BusinessName" - }, - "BusinessPhoneNumber": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within business phone number.", - "title": "BusinessPhoneNumber" - }, - "EmailAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within email address.", - "title": "EmailAddress" - }, - "FirstName": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within first name.", - "title": "FirstName" - }, - "GenderString": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within genderString.", - "title": "GenderString" - }, - "HomePhoneNumber": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within home phone number.", - "title": "HomePhoneNumber" - }, - "LastName": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within last name.", - "title": "LastName" - }, - "MailingAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", - "markdownDescription": "A field to describe values to segment on within mailing address.", - "title": "MailingAddress" - }, - "MiddleName": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within middle name.", - "title": "MiddleName" - }, - "MobilePhoneNumber": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within mobile phone number.", - "title": "MobilePhoneNumber" - }, - "PartyTypeString": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within partyTypeString.", - "title": "PartyTypeString" - }, - "PersonalEmailAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within personal email address.", - "title": "PersonalEmailAddress" - }, - "PhoneNumber": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within phone number.", - "title": "PhoneNumber" - }, - "ProfileType": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileTypeDimension", - "markdownDescription": "The type of profile.", - "title": "ProfileType" - }, - "ShippingAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", - "markdownDescription": "A field to describe values to segment on within shipping address.", - "title": "ShippingAddress" - } - }, - "type": "object" - }, - "AWS::CustomerProfiles::SegmentDefinition.ProfileDimension": { - "additionalProperties": false, - "properties": { - "DimensionType": { - "markdownDescription": "The action to segment on.", - "title": "DimensionType", - "type": "string" - }, - "Values": { "items": { - "type": "string" + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.SortAttribute" }, - "markdownDescription": "", - "title": "Values", "type": "array" } }, "required": [ - "DimensionType", - "Values" + "Attributes" ], "type": "object" }, - "AWS::CustomerProfiles::SegmentDefinition.ProfileTypeDimension": { + "AWS::CustomerProfiles::SegmentDefinition.SortAttribute": { "additionalProperties": false, "properties": { - "DimensionType": { - "markdownDescription": "The action to segment on.", - "title": "DimensionType", + "DataType": { "type": "string" }, - "Values": { - "items": { - "type": "string" - }, - "markdownDescription": "The values to apply the DimensionType on.", - "title": "Values", - "type": "array" - } - }, - "required": [ - "DimensionType", - "Values" - ], - "type": "object" - }, - "AWS::CustomerProfiles::SegmentDefinition.RangeOverride": { - "additionalProperties": false, - "properties": { - "End": { - "markdownDescription": "The end time of when to include objects.", - "title": "End", - "type": "number" + "Name": { + "type": "string" }, - "Start": { - "markdownDescription": "The start time of when to include objects.", - "title": "Start", - "type": "number" + "Order": { + "type": "string" }, - "Unit": { - "markdownDescription": "The unit for start and end.", - "title": "Unit", + "Type": { "type": "string" } }, "required": [ - "Start", - "Unit" + "Name", + "Order" ], "type": "object" }, - "AWS::CustomerProfiles::SegmentDefinition.SegmentGroup": { - "additionalProperties": false, - "properties": { - "Groups": { - "items": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.Group" - }, - "markdownDescription": "Holds the list of groups within the segment definition.", - "title": "Groups", - "type": "array" - }, - "Include": { - "markdownDescription": "Defines whether to include or exclude the profiles that fit the segment criteria.", - "title": "Include", - "type": "string" - } - }, - "type": "object" - }, "AWS::CustomerProfiles::SegmentDefinition.SourceSegment": { "additionalProperties": false, "properties": { @@ -81522,6 +84817,12 @@ "AWS::DLM::LifecyclePolicy.FastRestoreRule": { "additionalProperties": false, "properties": { + "AvailabilityZoneIds": { + "items": { + "type": "string" + }, + "type": "array" + }, "AvailabilityZones": { "items": { "type": "string" @@ -88286,6 +91587,46 @@ ], "type": "object" }, + "AWS::DataSync::LocationFSxONTAP.CmkSecretConfig": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DataSync::LocationFSxONTAP.CustomSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretAccessRoleArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretAccessRoleArn", + "SecretArn" + ], + "type": "object" + }, + "AWS::DataSync::LocationFSxONTAP.ManagedSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretArn" + ], + "type": "object" + }, "AWS::DataSync::LocationFSxONTAP.NFS": { "additionalProperties": false, "properties": { @@ -88330,11 +91671,20 @@ "AWS::DataSync::LocationFSxONTAP.SMB": { "additionalProperties": false, "properties": { + "CmkSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationFSxONTAP.CmkSecretConfig" + }, + "CustomSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationFSxONTAP.CustomSecretConfig" + }, "Domain": { "markdownDescription": "Specifies the name of the Windows domain that your storage virtual machine (SVM) belongs to.\n\nIf you have multiple domains in your environment, configuring this setting makes sure that DataSync connects to the right SVM.\n\nIf you have multiple Active Directory domains in your environment, configuring this parameter makes sure that DataSync connects to the right SVM.", "title": "Domain", "type": "string" }, + "ManagedSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationFSxONTAP.ManagedSecretConfig" + }, "MountOptions": { "$ref": "#/definitions/AWS::DataSync::LocationFSxONTAP.SmbMountOptions", "markdownDescription": "Specifies how DataSync can access a location using the SMB protocol.", @@ -88353,7 +91703,6 @@ }, "required": [ "MountOptions", - "Password", "User" ], "type": "object" @@ -88534,6 +91883,12 @@ "Properties": { "additionalProperties": false, "properties": { + "CmkSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationFSxWindows.CmkSecretConfig" + }, + "CustomSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationFSxWindows.CustomSecretConfig" + }, "Domain": { "markdownDescription": "Specifies the name of the Windows domain that the FSx for Windows File Server file system belongs to.\n\nIf you have multiple Active Directory domains in your environment, configuring this parameter makes sure that DataSync connects to the right file system.", "title": "Domain", @@ -88603,6 +91958,46 @@ ], "type": "object" }, + "AWS::DataSync::LocationFSxWindows.CmkSecretConfig": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DataSync::LocationFSxWindows.CustomSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretAccessRoleArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretAccessRoleArn", + "SecretArn" + ], + "type": "object" + }, + "AWS::DataSync::LocationFSxWindows.ManagedSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretArn" + ], + "type": "object" + }, "AWS::DataSync::LocationHDFS": { "additionalProperties": false, "properties": { @@ -88656,6 +92051,12 @@ "title": "BlockSize", "type": "number" }, + "CmkSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationHDFS.CmkSecretConfig" + }, + "CustomSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationHDFS.CustomSecretConfig" + }, "KerberosKeytab": { "markdownDescription": "The Kerberos key table (keytab) that contains mappings between the defined Kerberos principal and the encrypted keys. Provide the base64-encoded file text. If `KERBEROS` is specified for `AuthType` , this value is required.", "title": "KerberosKeytab", @@ -88741,6 +92142,46 @@ ], "type": "object" }, + "AWS::DataSync::LocationHDFS.CmkSecretConfig": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DataSync::LocationHDFS.CustomSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretAccessRoleArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretAccessRoleArn", + "SecretArn" + ], + "type": "object" + }, + "AWS::DataSync::LocationHDFS.ManagedSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretArn" + ], + "type": "object" + }, "AWS::DataSync::LocationHDFS.NameNode": { "additionalProperties": false, "properties": { @@ -90118,6 +93559,12 @@ "$ref": "#/definitions/AWS::DataZone::Connection.SparkGluePropertiesInput", "markdownDescription": "The Spark AWS Glue properties of a connection.", "title": "SparkGlueProperties" + }, + "WorkflowsMwaaProperties": { + "$ref": "#/definitions/AWS::DataZone::Connection.WorkflowsMwaaPropertiesInput" + }, + "WorkflowsServerlessProperties": { + "type": "object" } }, "type": "object" @@ -90615,6 +94062,15 @@ ], "type": "object" }, + "AWS::DataZone::Connection.WorkflowsMwaaPropertiesInput": { + "additionalProperties": false, + "properties": { + "MwaaEnvironmentName": { + "type": "string" + } + }, + "type": "object" + }, "AWS::DataZone::DataSource": { "additionalProperties": false, "properties": { @@ -92579,6 +96035,12 @@ "title": "ProjectProfileVersion", "type": "string" }, + "ResourceTags": { + "items": { + "$ref": "#/definitions/AWS::DataZone::Project.ResourceTag" + }, + "type": "array" + }, "UserParameters": { "items": { "$ref": "#/definitions/AWS::DataZone::Project.EnvironmentConfigurationUserParameter" @@ -92655,6 +96117,22 @@ }, "type": "object" }, + "AWS::DataZone::Project.ResourceTag": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, "AWS::DataZone::ProjectMembership": { "additionalProperties": false, "properties": { @@ -92791,6 +96269,9 @@ "Properties": { "additionalProperties": false, "properties": { + "AllowCustomProjectResourceTags": { + "type": "boolean" + }, "Description": { "markdownDescription": "The description of the project profile.", "title": "Description", @@ -92819,6 +96300,15 @@ "title": "Name", "type": "string" }, + "ProjectResourceTags": { + "items": { + "$ref": "#/definitions/AWS::DataZone::ProjectProfile.ResourceTagParameter" + }, + "type": "array" + }, + "ProjectResourceTagsDescription": { + "type": "string" + }, "Status": { "markdownDescription": "The status of a project profile.", "title": "Status", @@ -92986,6 +96476,26 @@ ], "type": "object" }, + "AWS::DataZone::ProjectProfile.ResourceTagParameter": { + "additionalProperties": false, + "properties": { + "IsValueEditable": { + "type": "boolean" + }, + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "required": [ + "IsValueEditable", + "Key", + "Value" + ], + "type": "object" + }, "AWS::DataZone::SubscriptionTarget": { "additionalProperties": false, "properties": { @@ -93294,6 +96804,9 @@ "Properties": { "additionalProperties": false, "properties": { + "CostScaleFactor": { + "type": "number" + }, "Description": { "markdownDescription": "A description of the farm that helps identify what the farm is used for.\n\n> This field can store any content. Escape or encode this content before displaying it on a webpage or any other system that might interpret the content of this field.", "title": "Description", @@ -93537,9 +97050,27 @@ ], "type": "object" }, + "AWS::Deadline::Fleet.CustomerManagedAutoScalingConfiguration": { + "additionalProperties": false, + "properties": { + "ScaleOutWorkersPerMinute": { + "type": "number" + }, + "StandbyWorkerCount": { + "type": "number" + }, + "WorkerIdleDurationSeconds": { + "type": "number" + } + }, + "type": "object" + }, "AWS::Deadline::Fleet.CustomerManagedFleetConfiguration": { "additionalProperties": false, "properties": { + "AutoScalingConfiguration": { + "$ref": "#/definitions/AWS::Deadline::Fleet.CustomerManagedAutoScalingConfiguration" + }, "Mode": { "markdownDescription": "The Auto Scaling mode for the customer managed fleet.", "title": "Mode", @@ -93778,9 +97309,27 @@ ], "type": "object" }, + "AWS::Deadline::Fleet.ServiceManagedEc2AutoScalingConfiguration": { + "additionalProperties": false, + "properties": { + "ScaleOutWorkersPerMinute": { + "type": "number" + }, + "StandbyWorkerCount": { + "type": "number" + }, + "WorkerIdleDurationSeconds": { + "type": "number" + } + }, + "type": "object" + }, "AWS::Deadline::Fleet.ServiceManagedEc2FleetConfiguration": { "additionalProperties": false, "properties": { + "AutoScalingConfiguration": { + "$ref": "#/definitions/AWS::Deadline::Fleet.ServiceManagedEc2AutoScalingConfiguration" + }, "InstanceCapabilities": { "$ref": "#/definitions/AWS::Deadline::Fleet.ServiceManagedEc2InstanceCapabilities", "markdownDescription": "The instance capabilities for the service managed EC2 fleet.", @@ -94225,6 +97774,9 @@ "title": "IdentityCenterInstanceArn", "type": "string" }, + "IdentityCenterRegion": { + "type": "string" + }, "RoleArn": { "markdownDescription": "The Amazon Resource Name of the IAM role for the monitor. Users of the monitor use this role to access Deadline Cloud resources.", "title": "RoleArn", @@ -94359,6 +97911,9 @@ "title": "RoleArn", "type": "string" }, + "SchedulingConfiguration": { + "$ref": "#/definitions/AWS::Deadline::Queue.SchedulingConfiguration" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -94459,6 +98014,81 @@ ], "type": "object" }, + "AWS::Deadline::Queue.PriorityBalancedSchedulingConfiguration": { + "additionalProperties": false, + "properties": { + "RenderingTaskBuffer": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::Deadline::Queue.SchedulingConfiguration": { + "additionalProperties": false, + "properties": { + "PriorityBalanced": { + "$ref": "#/definitions/AWS::Deadline::Queue.PriorityBalancedSchedulingConfiguration" + }, + "PriorityFifo": { + "type": "object" + }, + "WeightedBalanced": { + "$ref": "#/definitions/AWS::Deadline::Queue.WeightedBalancedSchedulingConfiguration" + } + }, + "type": "object" + }, + "AWS::Deadline::Queue.SchedulingMaxPriorityOverride": { + "additionalProperties": false, + "properties": { + "AlwaysScheduleFirst": { + "type": "object" + } + }, + "required": [ + "AlwaysScheduleFirst" + ], + "type": "object" + }, + "AWS::Deadline::Queue.SchedulingMinPriorityOverride": { + "additionalProperties": false, + "properties": { + "AlwaysScheduleLast": { + "type": "object" + } + }, + "required": [ + "AlwaysScheduleLast" + ], + "type": "object" + }, + "AWS::Deadline::Queue.WeightedBalancedSchedulingConfiguration": { + "additionalProperties": false, + "properties": { + "ErrorWeight": { + "type": "number" + }, + "MaxPriorityOverride": { + "$ref": "#/definitions/AWS::Deadline::Queue.SchedulingMaxPriorityOverride" + }, + "MinPriorityOverride": { + "$ref": "#/definitions/AWS::Deadline::Queue.SchedulingMinPriorityOverride" + }, + "PriorityWeight": { + "type": "number" + }, + "RenderingTaskBuffer": { + "type": "number" + }, + "RenderingTaskWeight": { + "type": "number" + }, + "SubmissionTimeWeight": { + "type": "number" + } + }, + "type": "object" + }, "AWS::Deadline::Queue.WindowsUser": { "additionalProperties": false, "properties": { @@ -95108,6 +98738,9 @@ "title": "Description", "type": "string" }, + "KmsKeyArn": { + "type": "string" + }, "Name": { "markdownDescription": "The name of the Agent Space.", "title": "Name", @@ -95115,6 +98748,12 @@ }, "OperatorApp": { "$ref": "#/definitions/AWS::DevOpsAgent::AgentSpace.OperatorApp" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" } }, "required": [ @@ -95808,11 +99447,20 @@ "Properties": { "additionalProperties": false, "properties": { + "KmsKeyArn": { + "type": "string" + }, "ServiceDetails": { "$ref": "#/definitions/AWS::DevOpsAgent::Service.ServiceDetails" }, "ServiceType": { "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" } }, "required": [ @@ -96481,20 +100129,624 @@ "Properties": { "additionalProperties": false, "properties": { - "ResourceCollectionFilter": { - "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.ResourceCollectionFilter", - "markdownDescription": "Information about a filter used to specify which AWS resources are analyzed for anomalous behavior by DevOps Guru.", - "title": "ResourceCollectionFilter" + "ResourceCollectionFilter": { + "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.ResourceCollectionFilter", + "markdownDescription": "Information about a filter used to specify which AWS resources are analyzed for anomalous behavior by DevOps Guru.", + "title": "ResourceCollectionFilter" + } + }, + "required": [ + "ResourceCollectionFilter" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DevOpsGuru::ResourceCollection" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DevOpsGuru::ResourceCollection.CloudFormationCollectionFilter": { + "additionalProperties": false, + "properties": { + "StackNames": { + "items": { + "type": "string" + }, + "markdownDescription": "An array of CloudFormation stack names.", + "title": "StackNames", + "type": "array" + } + }, + "type": "object" + }, + "AWS::DevOpsGuru::ResourceCollection.ResourceCollectionFilter": { + "additionalProperties": false, + "properties": { + "CloudFormation": { + "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.CloudFormationCollectionFilter", + "markdownDescription": "Information about AWS CloudFormation stacks. You can use up to 1000 stacks to specify which AWS resources in your account to analyze. For more information, see [Stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html) in the *AWS CloudFormation User Guide* .", + "title": "CloudFormation" + }, + "Tags": { + "items": { + "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.TagCollection" + }, + "markdownDescription": "The AWS tags used to filter the resources in the resource collection.\n\nTags help you identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an AWS Lambda function. For more information about using tags, see the [Tagging best practices](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/tagging-best-practices.html) whitepaper.\n\nEach AWS tag has two parts.\n\n- A tag *key* (for example, `CostCenter` , `Environment` , `Project` , or `Secret` ). Tag *keys* are case-sensitive.\n- A field known as a tag *value* (for example, `111122223333` , `Production` , or a team name). Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive. The tag value is a required property when AppBoundaryKey is specified.\n\nTogether these are known as *key* - *value* pairs.\n\n> The string used for a *key* in a tag that you use to define your resource coverage must begin with the prefix `Devops-guru-` . The tag *key* might be `DevOps-Guru-deployment-application` or `devops-guru-rds-application` . When you create a *key* , the case of characters in the *key* can be whatever you choose. After you create a *key* , it is case-sensitive. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` , and these act as two different *keys* . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", + "title": "Tags", + "type": "array" + } + }, + "type": "object" + }, + "AWS::DevOpsGuru::ResourceCollection.TagCollection": { + "additionalProperties": false, + "properties": { + "AppBoundaryKey": { + "markdownDescription": "An AWS tag *key* that is used to identify the AWS resources that DevOps Guru analyzes. All AWS resources in your account and Region tagged with this *key* make up your DevOps Guru application and analysis boundary.\n\n> When you create a *key* , the case of characters in the *key* can be whatever you choose. After you create a *key* , it is case-sensitive. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` , and these act as two different *keys* . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", + "title": "AppBoundaryKey", + "type": "string" + }, + "TagValues": { + "items": { + "type": "string" + }, + "markdownDescription": "The values in an AWS tag collection.\n\nThe tag's *value* is a field used to associate a string with the tag *key* (for example, `111122223333` , `Production` , or a team name). The *key* and *value* are the tag's *key* pair. Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive. You can specify a maximum of 256 characters for a tag value. The tag value is a required property when *AppBoundaryKey* is specified.", + "title": "TagValues", + "type": "array" + } + }, + "type": "object" + }, + "AWS::DirectConnect::Connection": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Bandwidth": { + "type": "string" + }, + "ConnectionName": { + "type": "string" + }, + "LagId": { + "type": "string" + }, + "Location": { + "type": "string" + }, + "ProviderName": { + "type": "string" + }, + "RequestMACSec": { + "type": "boolean" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Bandwidth", + "ConnectionName", + "Location" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::Connection" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DirectConnect::DirectConnectGateway": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AmazonSideAsn": { + "type": "string" + }, + "DirectConnectGatewayName": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "DirectConnectGatewayName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::DirectConnectGateway" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DirectConnect::DirectConnectGatewayAssociation": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AcceptDirectConnectGatewayAssociationProposalRoleArn": { + "type": "string" + }, + "AllowedPrefixesToDirectConnectGateway": { + "items": { + "type": "string" + }, + "type": "array" + }, + "AssociatedGatewayId": { + "type": "string" + }, + "DirectConnectGatewayId": { + "type": "string" + } + }, + "required": [ + "AssociatedGatewayId", + "DirectConnectGatewayId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::DirectConnectGatewayAssociation" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DirectConnect::Lag": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ConnectionsBandwidth": { + "type": "string" + }, + "LagName": { + "type": "string" + }, + "Location": { + "type": "string" + }, + "MinimumLinks": { + "type": "number" + }, + "ProviderName": { + "type": "string" + }, + "RequestMACSec": { + "type": "boolean" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "ConnectionsBandwidth", + "LagName", + "Location" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::Lag" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DirectConnect::PrivateVirtualInterface": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AllocatePrivateVirtualInterfaceRoleArn": { + "type": "string" + }, + "BgpPeers": { + "items": { + "$ref": "#/definitions/AWS::DirectConnect::PrivateVirtualInterface.BgpPeer" + }, + "type": "array" + }, + "ConnectionId": { + "type": "string" + }, + "DirectConnectGatewayId": { + "type": "string" + }, + "EnableSiteLink": { + "type": "boolean" + }, + "Mtu": { + "type": "number" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "VirtualGatewayId": { + "type": "string" + }, + "VirtualInterfaceName": { + "type": "string" + }, + "Vlan": { + "type": "number" + } + }, + "required": [ + "BgpPeers", + "ConnectionId", + "VirtualInterfaceName", + "Vlan" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::PrivateVirtualInterface" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DirectConnect::PrivateVirtualInterface.BgpPeer": { + "additionalProperties": false, + "properties": { + "AddressFamily": { + "type": "string" + }, + "AmazonAddress": { + "type": "string" + }, + "Asn": { + "type": "string" + }, + "AuthKey": { + "type": "string" + }, + "BgpPeerId": { + "type": "string" + }, + "CustomerAddress": { + "type": "string" + } + }, + "required": [ + "AddressFamily", + "Asn" + ], + "type": "object" + }, + "AWS::DirectConnect::PublicVirtualInterface": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AllocatePublicVirtualInterfaceRoleArn": { + "type": "string" + }, + "BgpPeers": { + "items": { + "$ref": "#/definitions/AWS::DirectConnect::PublicVirtualInterface.BgpPeer" + }, + "type": "array" + }, + "ConnectionId": { + "type": "string" + }, + "RouteFilterPrefixes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "VirtualInterfaceName": { + "type": "string" + }, + "Vlan": { + "type": "number" } }, "required": [ - "ResourceCollectionFilter" + "BgpPeers", + "ConnectionId", + "VirtualInterfaceName", + "Vlan" ], "type": "object" }, "Type": { "enum": [ - "AWS::DevOpsGuru::ResourceCollection" + "AWS::DirectConnect::PublicVirtualInterface" ], "type": "string" }, @@ -96513,56 +100765,159 @@ ], "type": "object" }, - "AWS::DevOpsGuru::ResourceCollection.CloudFormationCollectionFilter": { + "AWS::DirectConnect::PublicVirtualInterface.BgpPeer": { "additionalProperties": false, "properties": { - "StackNames": { - "items": { - "type": "string" - }, - "markdownDescription": "An array of CloudFormation stack names.", - "title": "StackNames", - "type": "array" + "AddressFamily": { + "type": "string" + }, + "AmazonAddress": { + "type": "string" + }, + "Asn": { + "type": "string" + }, + "AuthKey": { + "type": "string" + }, + "BgpPeerId": { + "type": "string" + }, + "CustomerAddress": { + "type": "string" } }, + "required": [ + "AddressFamily", + "Asn" + ], "type": "object" }, - "AWS::DevOpsGuru::ResourceCollection.ResourceCollectionFilter": { + "AWS::DirectConnect::TransitVirtualInterface": { "additionalProperties": false, "properties": { - "CloudFormation": { - "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.CloudFormationCollectionFilter", - "markdownDescription": "Information about AWS CloudFormation stacks. You can use up to 1000 stacks to specify which AWS resources in your account to analyze. For more information, see [Stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html) in the *AWS CloudFormation User Guide* .", - "title": "CloudFormation" + "Condition": { + "type": "string" }, - "Tags": { - "items": { - "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.TagCollection" + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AllocateTransitVirtualInterfaceRoleArn": { + "type": "string" + }, + "BgpPeers": { + "items": { + "$ref": "#/definitions/AWS::DirectConnect::TransitVirtualInterface.BgpPeer" + }, + "type": "array" + }, + "ConnectionId": { + "type": "string" + }, + "DirectConnectGatewayId": { + "type": "string" + }, + "EnableSiteLink": { + "type": "boolean" + }, + "Mtu": { + "type": "number" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "VirtualInterfaceName": { + "type": "string" + }, + "Vlan": { + "type": "number" + } }, - "markdownDescription": "The AWS tags used to filter the resources in the resource collection.\n\nTags help you identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an AWS Lambda function. For more information about using tags, see the [Tagging best practices](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/tagging-best-practices.html) whitepaper.\n\nEach AWS tag has two parts.\n\n- A tag *key* (for example, `CostCenter` , `Environment` , `Project` , or `Secret` ). Tag *keys* are case-sensitive.\n- A field known as a tag *value* (for example, `111122223333` , `Production` , or a team name). Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive. The tag value is a required property when AppBoundaryKey is specified.\n\nTogether these are known as *key* - *value* pairs.\n\n> The string used for a *key* in a tag that you use to define your resource coverage must begin with the prefix `Devops-guru-` . The tag *key* might be `DevOps-Guru-deployment-application` or `devops-guru-rds-application` . When you create a *key* , the case of characters in the *key* can be whatever you choose. After you create a *key* , it is case-sensitive. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` , and these act as two different *keys* . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", - "title": "Tags", - "type": "array" + "required": [ + "BgpPeers", + "ConnectionId", + "DirectConnectGatewayId", + "VirtualInterfaceName", + "Vlan" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::TransitVirtualInterface" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" } }, + "required": [ + "Type", + "Properties" + ], "type": "object" }, - "AWS::DevOpsGuru::ResourceCollection.TagCollection": { + "AWS::DirectConnect::TransitVirtualInterface.BgpPeer": { "additionalProperties": false, "properties": { - "AppBoundaryKey": { - "markdownDescription": "An AWS tag *key* that is used to identify the AWS resources that DevOps Guru analyzes. All AWS resources in your account and Region tagged with this *key* make up your DevOps Guru application and analysis boundary.\n\n> When you create a *key* , the case of characters in the *key* can be whatever you choose. After you create a *key* , it is case-sensitive. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` , and these act as two different *keys* . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", - "title": "AppBoundaryKey", + "AddressFamily": { "type": "string" }, - "TagValues": { - "items": { - "type": "string" - }, - "markdownDescription": "The values in an AWS tag collection.\n\nThe tag's *value* is a field used to associate a string with the tag *key* (for example, `111122223333` , `Production` , or a team name). The *key* and *value* are the tag's *key* pair. Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive. You can specify a maximum of 256 characters for a tag value. The tag value is a required property when *AppBoundaryKey* is specified.", - "title": "TagValues", - "type": "array" + "AmazonAddress": { + "type": "string" + }, + "Asn": { + "type": "string" + }, + "AuthKey": { + "type": "string" + }, + "BgpPeerId": { + "type": "string" + }, + "CustomerAddress": { + "type": "string" } }, + "required": [ + "AddressFamily", + "Asn" + ], "type": "object" }, "AWS::DirectoryService::MicrosoftAD": { @@ -99729,6 +104084,9 @@ "title": "TrafficIpAddressType", "type": "string" }, + "TransitGatewayConfiguration": { + "$ref": "#/definitions/AWS::EC2::ClientVpnEndpoint.TransitGatewayConfiguration" + }, "TransportProtocol": { "markdownDescription": "The transport protocol to be used by the VPN session.\n\nDefault value: `udp`", "title": "TransportProtocol", @@ -99945,6 +104303,30 @@ ], "type": "object" }, + "AWS::EC2::ClientVpnEndpoint.TransitGatewayConfiguration": { + "additionalProperties": false, + "properties": { + "AvailabilityZoneIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "AvailabilityZones": { + "items": { + "type": "string" + }, + "type": "array" + }, + "TransitGatewayId": { + "type": "string" + } + }, + "required": [ + "TransitGatewayId" + ], + "type": "object" + }, "AWS::EC2::ClientVpnRoute": { "additionalProperties": false, "properties": { @@ -100003,8 +104385,7 @@ }, "required": [ "ClientVpnEndpointId", - "DestinationCidrBlock", - "TargetVpcSubnetId" + "DestinationCidrBlock" ], "type": "object" }, @@ -100064,6 +104445,12 @@ "Properties": { "additionalProperties": false, "properties": { + "AvailabilityZone": { + "type": "string" + }, + "AvailabilityZoneId": { + "type": "string" + }, "ClientVpnEndpointId": { "markdownDescription": "The ID of the Client VPN endpoint.", "title": "ClientVpnEndpointId", @@ -100076,8 +104463,7 @@ } }, "required": [ - "ClientVpnEndpointId", - "SubnetId" + "ClientVpnEndpointId" ], "type": "object" }, @@ -100371,6 +104757,9 @@ "title": "ReplaceUnhealthyInstances", "type": "boolean" }, + "ReservedCapacityOptions": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.ReservedCapacityOptionsRequest" + }, "SpotOptions": { "$ref": "#/definitions/AWS::EC2::EC2Fleet.SpotOptionsRequest", "markdownDescription": "Describes the configuration of Spot Instances in an EC2 Fleet.", @@ -100644,6 +105033,9 @@ "title": "BlockDeviceMappings", "type": "array" }, + "IamInstanceProfile": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.IamInstanceProfileSpecification" + }, "InstanceRequirements": { "$ref": "#/definitions/AWS::EC2::EC2Fleet.InstanceRequirementsRequest", "markdownDescription": "The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.\n\n> If you specify `InstanceRequirements` , you can't specify `InstanceType` .", @@ -100654,11 +105046,23 @@ "title": "InstanceType", "type": "string" }, + "KeyName": { + "type": "string" + }, "MaxPrice": { "markdownDescription": "The maximum price per unit hour that you are willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.\n\n> If you specify a maximum price, your instances will be interrupted more frequently than if you do not specify this parameter.\n> \n> If you specify a maximum price, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an `InvalidParameterValue` error message.", "title": "MaxPrice", "type": "string" }, + "MetadataOptions": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.InstanceMetadataOptionsRequest" + }, + "NetworkInterfaces": { + "items": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.NetworkInterfaceSpecificationRequest" + }, + "type": "array" + }, "Placement": { "$ref": "#/definitions/AWS::EC2::EC2Fleet.Placement", "markdownDescription": "The location where the instance launched, if applicable.", @@ -100695,6 +105099,9 @@ "title": "LaunchTemplateName", "type": "string" }, + "LaunchTemplateSpecificationUserData": { + "type": "string" + }, "Version": { "markdownDescription": "The launch template version number, `$Latest` , or `$Default` . You must specify a value, otherwise the request fails.\n\nIf the value is `$Latest` , Amazon EC2 uses the latest version of the launch template.\n\nIf the value is `$Default` , Amazon EC2 uses the default version of the launch template.", "title": "Version", @@ -100706,6 +105113,33 @@ ], "type": "object" }, + "AWS::EC2::EC2Fleet.IamInstanceProfileSpecification": { + "additionalProperties": false, + "properties": { + "Arn": { + "type": "string" + }, + "Name": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::EC2::EC2Fleet.InstanceMetadataOptionsRequest": { + "additionalProperties": false, + "properties": { + "HttpEndpoint": { + "type": "string" + }, + "HttpPutResponseHopLimit": { + "type": "number" + }, + "HttpTokens": { + "type": "string" + } + }, + "type": "object" + }, "AWS::EC2::EC2Fleet.InstanceRequirementsRequest": { "additionalProperties": false, "properties": { @@ -100866,6 +105300,15 @@ }, "type": "object" }, + "AWS::EC2::EC2Fleet.Ipv6AddressRequest": { + "additionalProperties": false, + "properties": { + "Ipv6Address": { + "type": "string" + } + }, + "type": "object" + }, "AWS::EC2::EC2Fleet.MaintenanceStrategies": { "additionalProperties": false, "properties": { @@ -100941,6 +105384,63 @@ }, "type": "object" }, + "AWS::EC2::EC2Fleet.NetworkInterfaceSpecificationRequest": { + "additionalProperties": false, + "properties": { + "AssociatePublicIpAddress": { + "type": "boolean" + }, + "DeleteOnTermination": { + "type": "boolean" + }, + "Description": { + "type": "string" + }, + "DeviceIndex": { + "type": "number" + }, + "Groups": { + "items": { + "type": "string" + }, + "type": "array" + }, + "InterfaceType": { + "type": "string" + }, + "Ipv6AddressCount": { + "type": "number" + }, + "Ipv6Addresses": { + "items": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.Ipv6AddressRequest" + }, + "type": "array" + }, + "NetworkCardIndex": { + "type": "number" + }, + "NetworkInterfaceId": { + "type": "string" + }, + "PrivateIpAddress": { + "type": "string" + }, + "PrivateIpAddresses": { + "items": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.PrivateIpAddressSpecificationRequest" + }, + "type": "array" + }, + "SecondaryPrivateIpAddressCount": { + "type": "number" + }, + "SubnetId": { + "type": "string" + } + }, + "type": "object" + }, "AWS::EC2::EC2Fleet.OnDemandOptionsRequest": { "additionalProperties": false, "properties": { @@ -101034,6 +105534,30 @@ }, "type": "object" }, + "AWS::EC2::EC2Fleet.PrivateIpAddressSpecificationRequest": { + "additionalProperties": false, + "properties": { + "Primary": { + "type": "boolean" + }, + "PrivateIpAddress": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::EC2::EC2Fleet.ReservedCapacityOptionsRequest": { + "additionalProperties": false, + "properties": { + "ReservationTypes": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::EC2::EC2Fleet.SpotOptionsRequest": { "additionalProperties": false, "properties": { @@ -102075,104 +106599,310 @@ "additionalProperties": false, "properties": { "AddressFamily": { - "markdownDescription": "The address family of the pool.", - "title": "AddressFamily", - "type": "string" - }, - "AllocationDefaultNetmaskLength": { - "markdownDescription": "The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.", - "title": "AllocationDefaultNetmaskLength", - "type": "number" - }, - "AllocationMaxNetmaskLength": { - "markdownDescription": "The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.", - "title": "AllocationMaxNetmaskLength", - "type": "number" - }, - "AllocationMinNetmaskLength": { - "markdownDescription": "The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.", - "title": "AllocationMinNetmaskLength", - "type": "number" - }, - "AllocationResourceTags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.", - "title": "AllocationResourceTags", - "type": "array" - }, - "AutoImport": { - "markdownDescription": "If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.\n\nA locale must be set on the pool for this feature to work.", - "title": "AutoImport", - "type": "boolean" - }, - "AwsService": { - "markdownDescription": "Limits which service in AWS that the pool can be used in. \"ec2\", for example, allows users to use space for Elastic IP addresses and VPCs.", - "title": "AwsService", + "markdownDescription": "The address family of the pool.", + "title": "AddressFamily", + "type": "string" + }, + "AllocationDefaultNetmaskLength": { + "markdownDescription": "The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.", + "title": "AllocationDefaultNetmaskLength", + "type": "number" + }, + "AllocationMaxNetmaskLength": { + "markdownDescription": "The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.", + "title": "AllocationMaxNetmaskLength", + "type": "number" + }, + "AllocationMinNetmaskLength": { + "markdownDescription": "The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.", + "title": "AllocationMinNetmaskLength", + "type": "number" + }, + "AllocationResourceTags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.", + "title": "AllocationResourceTags", + "type": "array" + }, + "AutoImport": { + "markdownDescription": "If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.\n\nA locale must be set on the pool for this feature to work.", + "title": "AutoImport", + "type": "boolean" + }, + "AwsService": { + "markdownDescription": "Limits which service in AWS that the pool can be used in. \"ec2\", for example, allows users to use space for Elastic IP addresses and VPCs.", + "title": "AwsService", + "type": "string" + }, + "Description": { + "markdownDescription": "The description of the IPAM pool.", + "title": "Description", + "type": "string" + }, + "IpamScopeId": { + "markdownDescription": "The ID of the scope in which you would like to create the IPAM pool.", + "title": "IpamScopeId", + "type": "string" + }, + "Locale": { + "markdownDescription": "The locale of the IPAM pool.\n\nThe locale for the pool should be one of the following:\n\n- An AWS Region where you want this IPAM pool to be available for allocations.\n- The network border group for an AWS Local Zone where you want this IPAM pool to be available for allocations ( [supported Local Zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#byoip-zone-avail) ). This option is only available for IPAM IPv4 pools in the public scope.\n\nIf you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.", + "title": "Locale", + "type": "string" + }, + "ProvisionedCidrs": { + "items": { + "$ref": "#/definitions/AWS::EC2::IPAMPool.ProvisionedCidr" + }, + "markdownDescription": "Information about the CIDRs provisioned to an IPAM pool.", + "title": "ProvisionedCidrs", + "type": "array" + }, + "PublicIpSource": { + "markdownDescription": "The IP address source for pools in the public scope. Only used for provisioning IP address CIDRs to pools in the public scope. Default is `BYOIP` . For more information, see [Create IPv6 pools](https://docs.aws.amazon.com//vpc/latest/ipam/intro-create-ipv6-pools.html) in the *Amazon VPC IPAM User Guide* . By default, you can add only one Amazon-provided IPv6 CIDR block to a top-level IPv6 pool. For information on increasing the default limit, see [Quotas for your IPAM](https://docs.aws.amazon.com//vpc/latest/ipam/quotas-ipam.html) in the *Amazon VPC IPAM User Guide* .", + "title": "PublicIpSource", + "type": "string" + }, + "PubliclyAdvertisable": { + "markdownDescription": "Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to `ipv4` .", + "title": "PubliclyAdvertisable", + "type": "boolean" + }, + "SourceIpamPoolId": { + "markdownDescription": "The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool.", + "title": "SourceIpamPoolId", + "type": "string" + }, + "SourceResource": { + "$ref": "#/definitions/AWS::EC2::IPAMPool.SourceResource", + "markdownDescription": "The resource used to provision CIDRs to a resource planning pool.", + "title": "SourceResource" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key `Owner` and the value `TeamA` , specify `tag:Owner` for the filter name and `TeamA` for the filter value.", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "AddressFamily", + "IpamScopeId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::EC2::IPAMPool" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::EC2::IPAMPool.ProvisionedCidr": { + "additionalProperties": false, + "properties": { + "Cidr": { + "markdownDescription": "The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is `10.24.34.0/23` . An IPv6 CIDR example is `2001:DB8::/32` .", + "title": "Cidr", + "type": "string" + } + }, + "required": [ + "Cidr" + ], + "type": "object" + }, + "AWS::EC2::IPAMPool.SourceResource": { + "additionalProperties": false, + "properties": { + "ResourceId": { + "markdownDescription": "The source resource ID.", + "title": "ResourceId", + "type": "string" + }, + "ResourceOwner": { + "markdownDescription": "The source resource owner.", + "title": "ResourceOwner", + "type": "string" + }, + "ResourceRegion": { + "markdownDescription": "The source resource Region.", + "title": "ResourceRegion", + "type": "string" + }, + "ResourceType": { + "markdownDescription": "The source resource type.", + "title": "ResourceType", + "type": "string" + } + }, + "required": [ + "ResourceId", + "ResourceOwner", + "ResourceRegion", + "ResourceType" + ], + "type": "object" + }, + "AWS::EC2::IPAMPoolCidr": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Cidr": { + "markdownDescription": "The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is `10.24.34.0/23` . An IPv6 CIDR example is `2001:DB8::/32` .", + "title": "Cidr", + "type": "string" + }, + "IpamPoolId": { + "markdownDescription": "The ID of the IPAM pool.", + "title": "IpamPoolId", + "type": "string" + }, + "NetmaskLength": { + "markdownDescription": "The netmask length of the CIDR you'd like to provision to a pool. Can be used for provisioning Amazon-provided IPv6 CIDRs to top-level pools and for provisioning CIDRs to pools with source pools. Cannot be used to provision BYOIP CIDRs to top-level pools. \"NetmaskLength\" or \"Cidr\" is required.", + "title": "NetmaskLength", + "type": "number" + } + }, + "required": [ + "IpamPoolId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::EC2::IPAMPoolCidr" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::EC2::IPAMPrefixListResolver": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AddressFamily": { "type": "string" }, "Description": { - "markdownDescription": "The description of the IPAM pool.", - "title": "Description", "type": "string" }, - "IpamScopeId": { - "markdownDescription": "The ID of the scope in which you would like to create the IPAM pool.", - "title": "IpamScopeId", - "type": "string" - }, - "Locale": { - "markdownDescription": "The locale of the IPAM pool.\n\nThe locale for the pool should be one of the following:\n\n- An AWS Region where you want this IPAM pool to be available for allocations.\n- The network border group for an AWS Local Zone where you want this IPAM pool to be available for allocations ( [supported Local Zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#byoip-zone-avail) ). This option is only available for IPAM IPv4 pools in the public scope.\n\nIf you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.", - "title": "Locale", + "IpamId": { "type": "string" }, - "ProvisionedCidrs": { + "Rules": { "items": { - "$ref": "#/definitions/AWS::EC2::IPAMPool.ProvisionedCidr" + "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRule" }, - "markdownDescription": "Information about the CIDRs provisioned to an IPAM pool.", - "title": "ProvisionedCidrs", "type": "array" }, - "PublicIpSource": { - "markdownDescription": "The IP address source for pools in the public scope. Only used for provisioning IP address CIDRs to pools in the public scope. Default is `BYOIP` . For more information, see [Create IPv6 pools](https://docs.aws.amazon.com//vpc/latest/ipam/intro-create-ipv6-pools.html) in the *Amazon VPC IPAM User Guide* . By default, you can add only one Amazon-provided IPv6 CIDR block to a top-level IPv6 pool. For information on increasing the default limit, see [Quotas for your IPAM](https://docs.aws.amazon.com//vpc/latest/ipam/quotas-ipam.html) in the *Amazon VPC IPAM User Guide* .", - "title": "PublicIpSource", - "type": "string" - }, - "PubliclyAdvertisable": { - "markdownDescription": "Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to `ipv4` .", - "title": "PubliclyAdvertisable", - "type": "boolean" - }, - "SourceIpamPoolId": { - "markdownDescription": "The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool.", - "title": "SourceIpamPoolId", - "type": "string" - }, - "SourceResource": { - "$ref": "#/definitions/AWS::EC2::IPAMPool.SourceResource", - "markdownDescription": "The resource used to provision CIDRs to a resource planning pool.", - "title": "SourceResource" - }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key `Owner` and the value `TeamA` , specify `tag:Owner` for the filter name and `TeamA` for the filter value.", - "title": "Tags", "type": "array" } }, "required": [ - "AddressFamily", - "IpamScopeId" + "AddressFamily" ], "type": "object" }, "Type": { "enum": [ - "AWS::EC2::IPAMPool" + "AWS::EC2::IPAMPrefixListResolver" ], "type": "string" }, @@ -102191,130 +106921,64 @@ ], "type": "object" }, - "AWS::EC2::IPAMPool.ProvisionedCidr": { - "additionalProperties": false, - "properties": { - "Cidr": { - "markdownDescription": "The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is `10.24.34.0/23` . An IPv6 CIDR example is `2001:DB8::/32` .", - "title": "Cidr", - "type": "string" - } - }, - "required": [ - "Cidr" - ], - "type": "object" - }, - "AWS::EC2::IPAMPool.SourceResource": { + "AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRule": { "additionalProperties": false, "properties": { - "ResourceId": { - "markdownDescription": "The source resource ID.", - "title": "ResourceId", + "Conditions": { + "items": { + "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRuleCondition" + }, + "type": "array" + }, + "IpamScopeId": { "type": "string" }, - "ResourceOwner": { - "markdownDescription": "The source resource owner.", - "title": "ResourceOwner", + "ResourceType": { "type": "string" }, - "ResourceRegion": { - "markdownDescription": "The source resource Region.", - "title": "ResourceRegion", + "RuleType": { "type": "string" }, - "ResourceType": { - "markdownDescription": "The source resource type.", - "title": "ResourceType", + "StaticCidr": { "type": "string" } }, "required": [ - "ResourceId", - "ResourceOwner", - "ResourceRegion", - "ResourceType" + "RuleType" ], "type": "object" }, - "AWS::EC2::IPAMPoolCidr": { + "AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRuleCondition": { "additionalProperties": false, "properties": { - "Condition": { + "Cidr": { "type": "string" }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], + "IpamPoolId": { "type": "string" }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" + "Operation": { + "type": "string" }, - "Properties": { - "additionalProperties": false, - "properties": { - "Cidr": { - "markdownDescription": "The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is `10.24.34.0/23` . An IPv6 CIDR example is `2001:DB8::/32` .", - "title": "Cidr", - "type": "string" - }, - "IpamPoolId": { - "markdownDescription": "The ID of the IPAM pool.", - "title": "IpamPoolId", - "type": "string" - }, - "NetmaskLength": { - "markdownDescription": "The netmask length of the CIDR you'd like to provision to a pool. Can be used for provisioning Amazon-provided IPv6 CIDRs to top-level pools and for provisioning CIDRs to pools with source pools. Cannot be used to provision BYOIP CIDRs to top-level pools. \"NetmaskLength\" or \"Cidr\" is required.", - "title": "NetmaskLength", - "type": "number" - } - }, - "required": [ - "IpamPoolId" - ], - "type": "object" + "ResourceId": { + "type": "string" }, - "Type": { - "enum": [ - "AWS::EC2::IPAMPoolCidr" - ], + "ResourceOwner": { "type": "string" }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], + "ResourceRegion": { "type": "string" + }, + "ResourceTag": { + "$ref": "#/definitions/Tag" } }, "required": [ - "Type", - "Properties" + "Operation" ], "type": "object" }, - "AWS::EC2::IPAMPrefixListResolver": { + "AWS::EC2::IPAMPrefixListResolverTarget": { "additionalProperties": false, "properties": { "Condition": { @@ -102349,36 +107013,39 @@ "Properties": { "additionalProperties": false, "properties": { - "AddressFamily": { - "type": "string" + "DesiredVersion": { + "type": "number" }, - "Description": { + "IpamPrefixListResolverId": { "type": "string" }, - "IpamId": { + "PrefixListId": { "type": "string" }, - "Rules": { - "items": { - "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRule" - }, - "type": "array" + "PrefixListRegion": { + "type": "string" }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, "type": "array" + }, + "TrackLatestVersion": { + "type": "boolean" } }, "required": [ - "AddressFamily" + "IpamPrefixListResolverId", + "PrefixListId", + "PrefixListRegion", + "TrackLatestVersion" ], "type": "object" }, "Type": { "enum": [ - "AWS::EC2::IPAMPrefixListResolver" + "AWS::EC2::IPAMPrefixListResolverTarget" ], "type": "string" }, @@ -102397,63 +107064,6 @@ ], "type": "object" }, - "AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRule": { - "additionalProperties": false, - "properties": { - "Conditions": { - "items": { - "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRuleCondition" - }, - "type": "array" - }, - "IpamScopeId": { - "type": "string" - }, - "ResourceType": { - "type": "string" - }, - "RuleType": { - "type": "string" - }, - "StaticCidr": { - "type": "string" - } - }, - "required": [ - "RuleType" - ], - "type": "object" - }, - "AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRuleCondition": { - "additionalProperties": false, - "properties": { - "Cidr": { - "type": "string" - }, - "IpamPoolId": { - "type": "string" - }, - "Operation": { - "type": "string" - }, - "ResourceId": { - "type": "string" - }, - "ResourceOwner": { - "type": "string" - }, - "ResourceRegion": { - "type": "string" - }, - "ResourceTag": { - "$ref": "#/definitions/Tag" - } - }, - "required": [ - "Operation" - ], - "type": "object" - }, "AWS::EC2::IPAMResourceDiscovery": { "additionalProperties": false, "properties": { @@ -103619,6 +108229,30 @@ ], "type": "object" }, + "AWS::EC2::InstanceConnectEndpoint.InstanceConnectEndpointDnsNames": { + "additionalProperties": false, + "properties": { + "DnsName": { + "type": "string" + }, + "FipsDnsName": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::EC2::InstanceConnectEndpoint.InstanceConnectEndpointPublicDnsNames": { + "additionalProperties": false, + "properties": { + "Dualstack": { + "$ref": "#/definitions/AWS::EC2::InstanceConnectEndpoint.InstanceConnectEndpointDnsNames" + }, + "Ipv4": { + "$ref": "#/definitions/AWS::EC2::InstanceConnectEndpoint.InstanceConnectEndpointDnsNames" + } + }, + "type": "object" + }, "AWS::EC2::InternetGateway": { "additionalProperties": false, "properties": { @@ -110308,6 +114942,74 @@ }, "type": "object" }, + "AWS::EC2::SqlHaStandbyDetectedInstance": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "InstanceId": { + "type": "string" + }, + "SqlServerCredentials": { + "type": "string" + } + }, + "required": [ + "InstanceId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::EC2::SqlHaStandbyDetectedInstance" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, "AWS::EC2::Subnet": { "additionalProperties": false, "properties": { @@ -116973,6 +121675,15 @@ }, "type": "object" }, + "AWS::ECS::CapacityProvider.AutoRepairConfiguration": { + "additionalProperties": false, + "properties": { + "ActionsStatus": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ECS::CapacityProvider.AutoScalingGroupProvider": { "additionalProperties": false, "properties": { @@ -117018,6 +121729,18 @@ }, "type": "object" }, + "AWS::ECS::CapacityProvider.CapacityReservationRequest": { + "additionalProperties": false, + "properties": { + "ReservationGroupArn": { + "type": "string" + }, + "ReservationPreference": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ECS::CapacityProvider.InfrastructureOptimization": { "additionalProperties": false, "properties": { @@ -117037,6 +121760,9 @@ "title": "CapacityOptionType", "type": "string" }, + "CapacityReservations": { + "$ref": "#/definitions/AWS::ECS::CapacityProvider.CapacityReservationRequest" + }, "Ec2InstanceProfileArn": { "markdownDescription": "The Amazon Resource Name (ARN) of the instance profile that Amazon ECS applies to Amazon ECS Managed Instances. This instance profile must include the necessary permissions for your tasks to access AWS services and resources.\n\nFor more information, see [Amazon ECS instance profile for Managed Instances](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/managed-instances-instance-profile.html) in the *Amazon ECS Developer Guide* .", "title": "Ec2InstanceProfileArn", @@ -117045,11 +121771,17 @@ "FipsEnabled": { "type": "boolean" }, + "InstanceMetadataTagsPropagation": { + "type": "boolean" + }, "InstanceRequirements": { "$ref": "#/definitions/AWS::ECS::CapacityProvider.InstanceRequirementsRequest", "markdownDescription": "The instance requirements. You can specify:\n\n- The instance types\n- Instance requirements such as vCPU count, memory, network performance, and accelerator specifications\n\nAmazon ECS automatically selects the instances that match the specified criteria.", "title": "InstanceRequirements" }, + "LocalStorageConfiguration": { + "$ref": "#/definitions/AWS::ECS::CapacityProvider.ManagedInstancesLocalStorageConfiguration" + }, "Monitoring": { "markdownDescription": "CloudWatch provides two categories of monitoring: basic monitoring and detailed monitoring. By default, your managed instance is configured for basic monitoring. You can optionally enable detailed monitoring to help you more quickly identify and act on operational issues. You can enable or turn off detailed monitoring at launch or when the managed instance is running or stopped. For more information, see [Detailed monitoring for Amazon ECS Managed Instances](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/detailed-monitoring-managed-instances.html) in the Amazon ECS Developer Guide.", "title": "Monitoring", @@ -117226,6 +121958,15 @@ ], "type": "object" }, + "AWS::ECS::CapacityProvider.ManagedInstancesLocalStorageConfiguration": { + "additionalProperties": false, + "properties": { + "UseLocalStorage": { + "type": "boolean" + } + }, + "type": "object" + }, "AWS::ECS::CapacityProvider.ManagedInstancesNetworkConfiguration": { "additionalProperties": false, "properties": { @@ -117255,6 +121996,9 @@ "AWS::ECS::CapacityProvider.ManagedInstancesProvider": { "additionalProperties": false, "properties": { + "AutoRepairConfiguration": { + "$ref": "#/definitions/AWS::ECS::CapacityProvider.AutoRepairConfiguration" + }, "InfrastructureOptimization": { "$ref": "#/definitions/AWS::ECS::CapacityProvider.InfrastructureOptimization", "markdownDescription": "Defines how Amazon ECS Managed Instances optimizes the infrastastructure in your capacity provider. Configure it to turn on or off the infrastructure optimization in your capacity provider, and to control the idle or underutilized EC2 instances optimization delay.", @@ -117701,37 +122445,274 @@ "Properties": { "additionalProperties": false, "properties": { - "CapacityProviders": { + "CapacityProviders": { + "items": { + "type": "string" + }, + "markdownDescription": "The capacity providers to associate with the cluster.", + "title": "CapacityProviders", + "type": "array" + }, + "Cluster": { + "markdownDescription": "The cluster the capacity provider association is the target of.", + "title": "Cluster", + "type": "string" + }, + "DefaultCapacityProviderStrategy": { + "items": { + "$ref": "#/definitions/AWS::ECS::ClusterCapacityProviderAssociations.CapacityProviderStrategy" + }, + "markdownDescription": "The default capacity provider strategy to associate with the cluster.", + "title": "DefaultCapacityProviderStrategy", + "type": "array" + } + }, + "required": [ + "Cluster", + "DefaultCapacityProviderStrategy" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::ECS::ClusterCapacityProviderAssociations" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::ECS::ClusterCapacityProviderAssociations.CapacityProviderStrategy": { + "additionalProperties": false, + "properties": { + "Base": { + "markdownDescription": "The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider for each service. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of `0` is used.\n\nBase value characteristics:\n\n- Only one capacity provider in a strategy can have a base defined\n- The default value is `0` if not specified\n- The valid range is 0 to 100,000\n- Base requirements are satisfied first before weight distribution", + "title": "Base", + "type": "number" + }, + "CapacityProvider": { + "markdownDescription": "The short name of the capacity provider. This can be either an AWS managed capacity provider ( `FARGATE` or `FARGATE_SPOT` ) or the name of a custom capacity provider that you created.", + "title": "CapacityProvider", + "type": "string" + }, + "Weight": { + "markdownDescription": "The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` value, if defined, is satisfied.\n\nIf no `weight` value is specified, the default value of `0` is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of `0` can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of `0` , any `RunTask` or `CreateService` actions using the capacity provider strategy will fail.\n\nWeight value characteristics:\n\n- Weight is considered after the base value is satisfied\n- The default value is `0` if not specified\n- The valid range is 0 to 1,000\n- At least one capacity provider must have a weight greater than zero\n- Capacity providers with weight of `0` cannot place tasks\n\nTask distribution logic:\n\n- Base satisfaction: The minimum number of tasks specified by the base value are placed on that capacity provider\n- Weight distribution: After base requirements are met, additional tasks are distributed according to weight ratios\n\nExamples:\n\nEqual Distribution: Two capacity providers both with weight `1` will split tasks evenly after base requirements are met.\n\nWeighted Distribution: If capacityProviderA has weight `1` and capacityProviderB has weight `4` , then for every 1 task on A, 4 tasks will run on B.", + "title": "Weight", + "type": "number" + } + }, + "required": [ + "CapacityProvider" + ], + "type": "object" + }, + "AWS::ECS::Daemon": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "CapacityProviderArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ClusterArn": { + "type": "string" + }, + "DaemonName": { + "type": "string" + }, + "DaemonTaskDefinitionArn": { + "type": "string" + }, + "DeploymentConfiguration": { + "$ref": "#/definitions/AWS::ECS::Daemon.DaemonDeploymentConfiguration" + }, + "EnableECSManagedTags": { + "type": "boolean" + }, + "EnableExecuteCommand": { + "type": "boolean" + }, + "PropagateTags": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::ECS::Daemon" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::ECS::Daemon.DaemonAlarmConfiguration": { + "additionalProperties": false, + "properties": { + "AlarmNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Enable": { + "type": "boolean" + } + }, + "type": "object" + }, + "AWS::ECS::Daemon.DaemonDeploymentConfiguration": { + "additionalProperties": false, + "properties": { + "Alarms": { + "$ref": "#/definitions/AWS::ECS::Daemon.DaemonAlarmConfiguration" + }, + "BakeTimeInMinutes": { + "type": "number" + }, + "DrainPercent": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ContainerDefinitions": { "items": { - "type": "string" + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.DaemonContainerDefinition" }, - "markdownDescription": "The capacity providers to associate with the cluster.", - "title": "CapacityProviders", "type": "array" }, - "Cluster": { - "markdownDescription": "The cluster the capacity provider association is the target of.", - "title": "Cluster", + "Cpu": { "type": "string" }, - "DefaultCapacityProviderStrategy": { + "ExecutionRoleArn": { + "type": "string" + }, + "Family": { + "type": "string" + }, + "Memory": { + "type": "string" + }, + "Tags": { "items": { - "$ref": "#/definitions/AWS::ECS::ClusterCapacityProviderAssociations.CapacityProviderStrategy" + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TaskRoleArn": { + "type": "string" + }, + "Volumes": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Volume" }, - "markdownDescription": "The default capacity provider strategy to associate with the cluster.", - "title": "DefaultCapacityProviderStrategy", "type": "array" } }, - "required": [ - "Cluster", - "DefaultCapacityProviderStrategy" - ], "type": "object" }, "Type": { "enum": [ - "AWS::ECS::ClusterCapacityProviderAssociations" + "AWS::ECS::DaemonTaskDefinition" ], "type": "string" }, @@ -117745,35 +122726,431 @@ } }, "required": [ - "Type", - "Properties" + "Type" ], "type": "object" }, - "AWS::ECS::ClusterCapacityProviderAssociations.CapacityProviderStrategy": { + "AWS::ECS::DaemonTaskDefinition.ContainerDependency": { "additionalProperties": false, "properties": { - "Base": { - "markdownDescription": "The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider for each service. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of `0` is used.\n\nBase value characteristics:\n\n- Only one capacity provider in a strategy can have a base defined\n- The default value is `0` if not specified\n- The valid range is 0 to 100,000\n- Base requirements are satisfied first before weight distribution", - "title": "Base", + "Condition": { + "type": "string" + }, + "ContainerName": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.DaemonContainerDefinition": { + "additionalProperties": false, + "properties": { + "Command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Cpu": { "type": "number" }, - "CapacityProvider": { - "markdownDescription": "The short name of the capacity provider. This can be either an AWS managed capacity provider ( `FARGATE` or `FARGATE_SPOT` ) or the name of a custom capacity provider that you created.", - "title": "CapacityProvider", + "DependsOn": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.ContainerDependency" + }, + "type": "array" + }, + "EntryPoint": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Environment": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.KeyValuePair" + }, + "type": "array" + }, + "EnvironmentFiles": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.EnvironmentFile" + }, + "type": "array" + }, + "Essential": { + "type": "boolean" + }, + "FirelensConfiguration": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.FirelensConfiguration" + }, + "HealthCheck": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.HealthCheck" + }, + "Image": { "type": "string" }, - "Weight": { - "markdownDescription": "The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` value, if defined, is satisfied.\n\nIf no `weight` value is specified, the default value of `0` is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of `0` can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of `0` , any `RunTask` or `CreateService` actions using the capacity provider strategy will fail.\n\nWeight value characteristics:\n\n- Weight is considered after the base value is satisfied\n- The default value is `0` if not specified\n- The valid range is 0 to 1,000\n- At least one capacity provider must have a weight greater than zero\n- Capacity providers with weight of `0` cannot place tasks\n\nTask distribution logic:\n\n- Base satisfaction: The minimum number of tasks specified by the base value are placed on that capacity provider\n- Weight distribution: After base requirements are met, additional tasks are distributed according to weight ratios\n\nExamples:\n\nEqual Distribution: Two capacity providers both with weight `1` will split tasks evenly after base requirements are met.\n\nWeighted Distribution: If capacityProviderA has weight `1` and capacityProviderB has weight `4` , then for every 1 task on A, 4 tasks will run on B.", - "title": "Weight", + "Interactive": { + "type": "boolean" + }, + "LinuxParameters": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.LinuxParameters" + }, + "LogConfiguration": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.LogConfiguration" + }, + "Memory": { + "type": "number" + }, + "MemoryReservation": { + "type": "number" + }, + "MountPoints": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.MountPoint" + }, + "type": "array" + }, + "Name": { + "type": "string" + }, + "Privileged": { + "type": "boolean" + }, + "PseudoTerminal": { + "type": "boolean" + }, + "ReadonlyRootFilesystem": { + "type": "boolean" + }, + "RepositoryCredentials": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.RepositoryCredentials" + }, + "RestartPolicy": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.RestartPolicy" + }, + "Secrets": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Secret" + }, + "type": "array" + }, + "StartTimeout": { + "type": "number" + }, + "StopTimeout": { "type": "number" + }, + "SystemControls": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.SystemControl" + }, + "type": "array" + }, + "Ulimits": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Ulimit" + }, + "type": "array" + }, + "User": { + "type": "string" + }, + "WorkingDirectory": { + "type": "string" } }, "required": [ - "CapacityProvider" + "Image", + "Name" + ], + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.Device": { + "additionalProperties": false, + "properties": { + "ContainerPath": { + "type": "string" + }, + "HostPath": { + "type": "string" + }, + "Permissions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.EnvironmentFile": { + "additionalProperties": false, + "properties": { + "Type": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.FirelensConfiguration": { + "additionalProperties": false, + "properties": { + "Options": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "Type": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.HealthCheck": { + "additionalProperties": false, + "properties": { + "Command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Interval": { + "type": "number" + }, + "Retries": { + "type": "number" + }, + "StartPeriod": { + "type": "number" + }, + "Timeout": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.HostVolumeProperties": { + "additionalProperties": false, + "properties": { + "SourcePath": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.KernelCapabilities": { + "additionalProperties": false, + "properties": { + "Add": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.KeyValuePair": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.LinuxParameters": { + "additionalProperties": false, + "properties": { + "Capabilities": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.KernelCapabilities" + }, + "Devices": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Device" + }, + "type": "array" + }, + "InitProcessEnabled": { + "type": "boolean" + }, + "Tmpfs": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Tmpfs" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.LogConfiguration": { + "additionalProperties": false, + "properties": { + "LogDriver": { + "type": "string" + }, + "Options": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "SecretOptions": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Secret" + }, + "type": "array" + } + }, + "required": [ + "LogDriver" + ], + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.MountPoint": { + "additionalProperties": false, + "properties": { + "ContainerPath": { + "type": "string" + }, + "ReadOnly": { + "type": "boolean" + }, + "SourceVolume": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.RepositoryCredentials": { + "additionalProperties": false, + "properties": { + "CredentialsParameter": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.RestartPolicy": { + "additionalProperties": false, + "properties": { + "Enabled": { + "type": "boolean" + }, + "IgnoredExitCodes": { + "items": { + "type": "number" + }, + "type": "array" + }, + "RestartAttemptPeriod": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.Secret": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "ValueFrom": { + "type": "string" + } + }, + "required": [ + "Name", + "ValueFrom" + ], + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.SystemControl": { + "additionalProperties": false, + "properties": { + "Namespace": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.Tmpfs": { + "additionalProperties": false, + "properties": { + "ContainerPath": { + "type": "string" + }, + "MountOptions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Size": { + "type": "number" + } + }, + "required": [ + "Size" + ], + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.Ulimit": { + "additionalProperties": false, + "properties": { + "HardLimit": { + "type": "number" + }, + "Name": { + "type": "string" + }, + "SoftLimit": { + "type": "number" + } + }, + "required": [ + "HardLimit", + "Name", + "SoftLimit" ], "type": "object" }, + "AWS::ECS::DaemonTaskDefinition.Volume": { + "additionalProperties": false, + "properties": { + "Host": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.HostVolumeProperties" + }, + "Name": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ECS::ExpressGatewayService": { "additionalProperties": false, "properties": { @@ -120349,6 +125726,27 @@ }, "type": "object" }, + "AWS::ECS::TaskDefinition.S3FilesVolumeConfiguration": { + "additionalProperties": false, + "properties": { + "AccessPointArn": { + "type": "string" + }, + "FileSystemArn": { + "type": "string" + }, + "RootDirectory": { + "type": "string" + }, + "TransitEncryptionPort": { + "type": "number" + } + }, + "required": [ + "FileSystemArn" + ], + "type": "object" + }, "AWS::ECS::TaskDefinition.Secret": { "additionalProperties": false, "properties": { @@ -120489,6 +125887,9 @@ "markdownDescription": "The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.\n\nWhen using a volume configured at launch, the `name` is required and must also be specified as the volume name in the `ServiceVolumeConfiguration` or `TaskVolumeConfiguration` parameter when creating your service or standalone task.\n\nFor all other types of volumes, this name is referenced in the `sourceVolume` parameter of the `mountPoints` object in the container definition.\n\nWhen a volume is using the `efsVolumeConfiguration` , the name is required.", "title": "Name", "type": "string" + }, + "S3FilesVolumeConfiguration": { + "$ref": "#/definitions/AWS::ECS::TaskDefinition.S3FilesVolumeConfiguration" } }, "type": "object" @@ -122216,9 +127617,6 @@ "type": "array" } }, - "required": [ - "RemoteNodeNetworks" - ], "type": "object" }, "AWS::EKS::Cluster.RemoteNodeNetwork": { @@ -122785,6 +128183,9 @@ "markdownDescription": "The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value. If you specify `launchTemplate` , and your launch template uses a custom AMI, then don't specify `version` , or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .\n\n> You can't update other properties at the same time as updating `Version` .", "title": "Version", "type": "string" + }, + "WarmPoolConfig": { + "$ref": "#/definitions/AWS::EKS::Nodegroup.WarmPoolConfig" } }, "required": [ @@ -122986,6 +128387,27 @@ }, "type": "object" }, + "AWS::EKS::Nodegroup.WarmPoolConfig": { + "additionalProperties": false, + "properties": { + "Enabled": { + "type": "boolean" + }, + "MaxGroupPreparedCapacity": { + "type": "number" + }, + "MinSize": { + "type": "number" + }, + "PoolState": { + "type": "string" + }, + "ReuseOnScaleIn": { + "type": "boolean" + } + }, + "type": "object" + }, "AWS::EKS::PodIdentityAssociation": { "additionalProperties": false, "properties": { @@ -127868,14 +133290,6 @@ "title": "CacheParameterGroupName", "type": "string" }, - "CacheSecurityGroupNames": { - "items": { - "type": "string" - }, - "markdownDescription": "A list of cache security group names to associate with this replication group.", - "title": "CacheSecurityGroupNames", - "type": "array" - }, "CacheSubnetGroupName": { "markdownDescription": "The name of the cache subnet group to be used for the replication group.\n\n> If you're going to launch your cluster in an Amazon VPC, you need to create a subnet group before you start creating a cluster. For more information, see [AWS::ElastiCache::SubnetGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-subnetgroup.html) .", "title": "CacheSubnetGroupName", @@ -128114,6 +133528,18 @@ }, "type": "object" }, + "AWS::ElastiCache::ReplicationGroup.Endpoint": { + "additionalProperties": false, + "properties": { + "Address": { + "type": "string" + }, + "Port": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ElastiCache::ReplicationGroup.KinesisFirehoseDestinationDetails": { "additionalProperties": false, "properties": { @@ -128194,6 +133620,30 @@ }, "type": "object" }, + "AWS::ElastiCache::ReplicationGroup.ReadEndPoint": { + "additionalProperties": false, + "properties": { + "Addresses": { + "type": "string" + }, + "AddressesList": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Ports": { + "type": "string" + }, + "PortsList": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::ElastiCache::SecurityGroup": { "additionalProperties": false, "properties": { @@ -132262,6 +137712,131 @@ }, "type": "object" }, + "AWS::ElementalInference::Feed": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Outputs": { + "items": { + "$ref": "#/definitions/AWS::ElementalInference::Feed.GetOutput" + }, + "type": "array" + }, + "Tags": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "Name", + "Outputs" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::ElementalInference::Feed" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::ElementalInference::Feed.ClippingConfig": { + "additionalProperties": false, + "properties": { + "CallbackMetadata": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ElementalInference::Feed.GetOutput": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "OutputConfig": { + "$ref": "#/definitions/AWS::ElementalInference::Feed.OutputConfig" + }, + "Status": { + "type": "string" + } + }, + "required": [ + "Name", + "OutputConfig", + "Status" + ], + "type": "object" + }, + "AWS::ElementalInference::Feed.OutputConfig": { + "additionalProperties": false, + "properties": { + "Clipping": { + "$ref": "#/definitions/AWS::ElementalInference::Feed.ClippingConfig" + }, + "Cropping": { + "type": "object" + } + }, + "type": "object" + }, "AWS::EntityResolution::IdMappingWorkflow": { "additionalProperties": false, "properties": { @@ -137846,6 +143421,21 @@ }, "type": "object" }, + "AWS::FSx::FileSystem.FsrmConfiguration": { + "additionalProperties": false, + "properties": { + "EventLogDestination": { + "type": "string" + }, + "FsrmServiceEnabled": { + "type": "boolean" + } + }, + "required": [ + "FsrmServiceEnabled" + ], + "type": "object" + }, "AWS::FSx::FileSystem.LustreConfiguration": { "additionalProperties": false, "properties": { @@ -138298,6 +143888,9 @@ "markdownDescription": "The SSD IOPS (input/output operations per second) configuration for an Amazon FSx for Windows file system. By default, Amazon FSx automatically provisions 3 IOPS per GiB of storage capacity. You can provision additional IOPS per GiB of storage, up to the maximum limit associated with your chosen throughput capacity.", "title": "DiskIopsConfiguration" }, + "FsrmConfiguration": { + "$ref": "#/definitions/AWS::FSx::FileSystem.FsrmConfiguration" + }, "PreferredSubnetId": { "markdownDescription": "Required when `DeploymentType` is set to `MULTI_AZ_1` . This specifies the subnet in which you want the preferred file server to be located. For in- AWS applications, we recommend that you launch your clients in the same availability zone as your preferred file server to reduce cross-availability zone data transfer costs and minimize latency.", "title": "PreferredSubnetId", @@ -141244,6 +146837,9 @@ "title": "PerInstanceContainerGroupDefinitionName", "type": "string" }, + "PlayerGatewayMode": { + "type": "string" + }, "ScalingPolicies": { "items": { "$ref": "#/definitions/AWS::GameLift::ContainerFleet.ScalingPolicy" @@ -141427,6 +147023,9 @@ "markdownDescription": "", "title": "LocationCapacity" }, + "PlayerGatewayStatus": { + "type": "string" + }, "StoppedActions": { "items": { "type": "string" @@ -142074,6 +147673,12 @@ "title": "PeerVpcId", "type": "string" }, + "PlayerGatewayConfiguration": { + "$ref": "#/definitions/AWS::GameLift::Fleet.PlayerGatewayConfiguration" + }, + "PlayerGatewayMode": { + "type": "string" + }, "ResourceCreationLimitPolicy": { "$ref": "#/definitions/AWS::GameLift::Fleet.ResourceCreationLimitPolicy", "markdownDescription": "A policy that limits the number of game sessions that an individual player can create on instances in this fleet within a specified span of time.", @@ -142231,6 +147836,9 @@ "$ref": "#/definitions/AWS::GameLift::Fleet.LocationCapacity", "markdownDescription": "Current resource capacity settings for managed EC2 fleets and managed container fleets. For multi-location fleets, location values might refer to a fleet's remote location or its home Region.\n\n*Returned by:* [DescribeFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetCapacity.html) , [DescribeFleetLocationCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetLocationCapacity.html) , [UpdateFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateFleetCapacity.html)", "title": "LocationCapacity" + }, + "PlayerGatewayStatus": { + "type": "string" } }, "required": [ @@ -142253,6 +147861,15 @@ ], "type": "object" }, + "AWS::GameLift::Fleet.PlayerGatewayConfiguration": { + "additionalProperties": false, + "properties": { + "GameServerIpProtocolSupported": { + "type": "string" + } + }, + "type": "object" + }, "AWS::GameLift::Fleet.ResourceCreationLimitPolicy": { "additionalProperties": false, "properties": { @@ -143649,40 +149266,170 @@ "Properties": { "additionalProperties": false, "properties": { - "AcceleratorArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of your accelerator.", - "title": "AcceleratorArn", + "AcceleratorArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of your accelerator.", + "title": "AcceleratorArn", + "type": "string" + }, + "ClientAffinity": { + "markdownDescription": "Client affinity lets you direct all requests from a user to the same endpoint, if you have stateful applications, regardless of the port and protocol of the client request. Client affinity gives you control over whether to always route each client to the same specific endpoint.\n\nAWS Global Accelerator uses a consistent-flow hashing algorithm to choose the optimal endpoint for a connection. If client affinity is `NONE` , Global Accelerator uses the \"five-tuple\" (5-tuple) properties\u2014source IP address, source port, destination IP address, destination port, and protocol\u2014to select the hash value, and then chooses the best endpoint. However, with this setting, if someone uses different ports to connect to Global Accelerator, their connections might not be always routed to the same endpoint because the hash value changes.\n\nIf you want a given client to always be routed to the same endpoint, set client affinity to `SOURCE_IP` instead. When you use the `SOURCE_IP` setting, Global Accelerator uses the \"two-tuple\" (2-tuple) properties\u2014 source (client) IP address and destination IP address\u2014to select the hash value.\n\nThe default value is `NONE` .", + "title": "ClientAffinity", + "type": "string" + }, + "PortRanges": { + "items": { + "$ref": "#/definitions/AWS::GlobalAccelerator::Listener.PortRange" + }, + "markdownDescription": "The list of port ranges for the connections from clients to the accelerator.", + "title": "PortRanges", + "type": "array" + }, + "Protocol": { + "markdownDescription": "The protocol for the connections from clients to the accelerator.", + "title": "Protocol", + "type": "string" + } + }, + "required": [ + "AcceleratorArn", + "PortRanges", + "Protocol" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::GlobalAccelerator::Listener" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::GlobalAccelerator::Listener.PortRange": { + "additionalProperties": false, + "properties": { + "FromPort": { + "markdownDescription": "The first port in the range of ports, inclusive.", + "title": "FromPort", + "type": "number" + }, + "ToPort": { + "markdownDescription": "The last port in the range of ports, inclusive.", + "title": "ToPort", + "type": "number" + } + }, + "required": [ + "FromPort", + "ToPort" + ], + "type": "object" + }, + "AWS::Glue::Catalog": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AllowFullTableExternalDataAccess": { "type": "string" }, - "ClientAffinity": { - "markdownDescription": "Client affinity lets you direct all requests from a user to the same endpoint, if you have stateful applications, regardless of the port and protocol of the client request. Client affinity gives you control over whether to always route each client to the same specific endpoint.\n\nAWS Global Accelerator uses a consistent-flow hashing algorithm to choose the optimal endpoint for a connection. If client affinity is `NONE` , Global Accelerator uses the \"five-tuple\" (5-tuple) properties\u2014source IP address, source port, destination IP address, destination port, and protocol\u2014to select the hash value, and then chooses the best endpoint. However, with this setting, if someone uses different ports to connect to Global Accelerator, their connections might not be always routed to the same endpoint because the hash value changes.\n\nIf you want a given client to always be routed to the same endpoint, set client affinity to `SOURCE_IP` instead. When you use the `SOURCE_IP` setting, Global Accelerator uses the \"two-tuple\" (2-tuple) properties\u2014 source (client) IP address and destination IP address\u2014to select the hash value.\n\nThe default value is `NONE` .", - "title": "ClientAffinity", - "type": "string" + "CatalogProperties": { + "$ref": "#/definitions/AWS::Glue::Catalog.CatalogProperties" }, - "PortRanges": { + "CreateDatabaseDefaultPermissions": { "items": { - "$ref": "#/definitions/AWS::GlobalAccelerator::Listener.PortRange" + "$ref": "#/definitions/AWS::Glue::Catalog.PrincipalPermissions" }, - "markdownDescription": "The list of port ranges for the connections from clients to the accelerator.", - "title": "PortRanges", "type": "array" }, - "Protocol": { - "markdownDescription": "The protocol for the connections from clients to the accelerator.", - "title": "Protocol", + "CreateTableDefaultPermissions": { + "items": { + "$ref": "#/definitions/AWS::Glue::Catalog.PrincipalPermissions" + }, + "type": "array" + }, + "Description": { + "type": "string" + }, + "FederatedCatalog": { + "$ref": "#/definitions/AWS::Glue::Catalog.FederatedCatalog" + }, + "Name": { + "type": "string" + }, + "OverwriteChildResourcePermissionsWithDefault": { "type": "string" + }, + "Parameters": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TargetRedshiftCatalog": { + "$ref": "#/definitions/AWS::Glue::Catalog.TargetRedshiftCatalog" } }, "required": [ - "AcceleratorArn", - "PortRanges", - "Protocol" + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::GlobalAccelerator::Listener" + "AWS::Glue::Catalog" ], "type": "string" }, @@ -143701,23 +149448,99 @@ ], "type": "object" }, - "AWS::GlobalAccelerator::Listener.PortRange": { + "AWS::Glue::Catalog.CatalogProperties": { "additionalProperties": false, "properties": { - "FromPort": { - "markdownDescription": "The first port in the range of ports, inclusive.", - "title": "FromPort", - "type": "number" + "CustomProperties": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" }, - "ToPort": { - "markdownDescription": "The last port in the range of ports, inclusive.", - "title": "ToPort", - "type": "number" + "DataLakeAccessProperties": { + "$ref": "#/definitions/AWS::Glue::Catalog.DataLakeAccessProperties" + } + }, + "type": "object" + }, + "AWS::Glue::Catalog.DataLakeAccessProperties": { + "additionalProperties": false, + "properties": { + "AllowFullTableExternalDataAccess": { + "type": "string" + }, + "CatalogType": { + "type": "string" + }, + "DataLakeAccess": { + "type": "boolean" + }, + "DataTransferRole": { + "type": "string" + }, + "KmsKey": { + "type": "string" + }, + "ManagedWorkgroupName": { + "type": "string" + }, + "ManagedWorkgroupStatus": { + "type": "string" + }, + "RedshiftDatabaseName": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Glue::Catalog.DataLakePrincipal": { + "additionalProperties": false, + "properties": { + "DataLakePrincipalIdentifier": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Glue::Catalog.FederatedCatalog": { + "additionalProperties": false, + "properties": { + "ConnectionName": { + "type": "string" + }, + "Identifier": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Glue::Catalog.PrincipalPermissions": { + "additionalProperties": false, + "properties": { + "Permissions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Principal": { + "$ref": "#/definitions/AWS::Glue::Catalog.DataLakePrincipal" + } + }, + "type": "object" + }, + "AWS::Glue::Catalog.TargetRedshiftCatalog": { + "additionalProperties": false, + "properties": { + "CatalogArn": { + "type": "string" } }, "required": [ - "FromPort", - "ToPort" + "CatalogArn" ], "type": "object" }, @@ -147147,6 +152970,9 @@ "title": "DatabaseName", "type": "string" }, + "Name": { + "type": "string" + }, "OpenTableFormatInput": { "$ref": "#/definitions/AWS::Glue::Table.OpenTableFormatInput", "markdownDescription": "Specifies an `OpenTableFormatInput` structure when creating an open format table.", @@ -147160,8 +152986,7 @@ }, "required": [ "CatalogId", - "DatabaseName", - "TableInput" + "DatabaseName" ], "type": "object" }, @@ -147213,6 +153038,9 @@ "AWS::Glue::Table.IcebergInput": { "additionalProperties": false, "properties": { + "IcebergTableInput": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergTableInput" + }, "MetadataOperation": { "$ref": "#/definitions/AWS::Glue::Table.MetadataOperation", "markdownDescription": "A required metadata operation. Can only be set to CREATE.", @@ -147226,6 +153054,169 @@ }, "type": "object" }, + "AWS::Glue::Table.IcebergPartitionField": { + "additionalProperties": false, + "properties": { + "FieldId": { + "type": "number" + }, + "Name": { + "type": "string" + }, + "SourceId": { + "type": "number" + }, + "Transform": { + "type": "string" + } + }, + "required": [ + "Name", + "SourceId", + "Transform" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergPartitionSpec": { + "additionalProperties": false, + "properties": { + "Fields": { + "items": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergPartitionField" + }, + "type": "array" + }, + "SpecId": { + "type": "number" + } + }, + "required": [ + "Fields" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergSchema": { + "additionalProperties": false, + "properties": { + "Fields": { + "items": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergStructField" + }, + "type": "array" + }, + "IdentifierFieldIds": { + "items": { + "type": "number" + }, + "type": "array" + }, + "SchemaId": { + "type": "number" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "Fields" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergSortField": { + "additionalProperties": false, + "properties": { + "Direction": { + "type": "string" + }, + "NullOrder": { + "type": "string" + }, + "SourceId": { + "type": "number" + }, + "Transform": { + "type": "string" + } + }, + "required": [ + "Direction", + "NullOrder", + "SourceId", + "Transform" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergSortOrder": { + "additionalProperties": false, + "properties": { + "Fields": { + "items": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergSortField" + }, + "type": "array" + }, + "OrderId": { + "type": "number" + } + }, + "required": [ + "Fields", + "OrderId" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergStructField": { + "additionalProperties": false, + "properties": { + "Doc": { + "type": "string" + }, + "Id": { + "type": "number" + }, + "Name": { + "type": "string" + }, + "Required": { + "type": "boolean" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "Id", + "Name", + "Required", + "Type" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergTableInput": { + "additionalProperties": false, + "properties": { + "Location": { + "type": "string" + }, + "PartitionSpec": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergPartitionSpec" + }, + "Properties": { + "type": "object" + }, + "Schema": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergSchema" + }, + "WriteOrder": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergSortOrder" + } + }, + "required": [ + "Location", + "Schema" + ], + "type": "object" + }, "AWS::Glue::Table.MetadataOperation": { "additionalProperties": false, "properties": {}, @@ -147509,6 +153500,9 @@ "markdownDescription": "A `TableIdentifier` structure that describes a target table for resource linking.", "title": "TargetTable" }, + "ViewDefinition": { + "$ref": "#/definitions/AWS::Glue::Table.ViewDefinition" + }, "ViewExpandedText": { "markdownDescription": "Included for Apache Hive compatibility. Not used in the normal course of AWS Glue operations.", "title": "ViewExpandedText", @@ -147522,6 +153516,51 @@ }, "type": "object" }, + "AWS::Glue::Table.ViewDefinition": { + "additionalProperties": false, + "properties": { + "Definer": { + "type": "string" + }, + "IsProtected": { + "type": "boolean" + }, + "Representations": { + "items": { + "$ref": "#/definitions/AWS::Glue::Table.ViewRepresentation" + }, + "type": "array" + }, + "SubObjects": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::Glue::Table.ViewRepresentation": { + "additionalProperties": false, + "properties": { + "Dialect": { + "type": "string" + }, + "DialectVersion": { + "type": "string" + }, + "ValidationConnection": { + "type": "string" + }, + "ViewExpandedText": { + "type": "string" + }, + "ViewOriginalText": { + "type": "string" + } + }, + "type": "object" + }, "AWS::Glue::TableOptimizer": { "additionalProperties": false, "properties": { @@ -161407,6 +167446,116 @@ ], "type": "object" }, + "AWS::Interconnect::Connection": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ActivationKey": { + "type": "string" + }, + "AttachPoint": { + "$ref": "#/definitions/AWS::Interconnect::Connection.AttachPoint" + }, + "Bandwidth": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "EnvironmentId": { + "type": "string" + }, + "RemoteOwnerAccount": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "AttachPoint" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Interconnect::Connection" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Interconnect::Connection.AttachPoint": { + "additionalProperties": false, + "properties": { + "Arn": { + "type": "string" + }, + "DirectConnectGateway": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Interconnect::Connection.Provider": { + "additionalProperties": false, + "properties": { + "CloudServiceProvider": { + "type": "string" + }, + "LastMileProvider": { + "type": "string" + } + }, + "type": "object" + }, "AWS::InternetMonitor::Monitor": { "additionalProperties": false, "properties": { @@ -165468,240 +171617,232 @@ "Properties": { "additionalProperties": false, "properties": { - "Principal": { - "markdownDescription": "The principal, which can be a certificate ARN (as returned from the `CreateCertificate` operation) or an Amazon Cognito ID.", - "title": "Principal", - "type": "string" - }, - "ThingName": { - "markdownDescription": "The name of the AWS IoT thing.", - "title": "ThingName", - "type": "string" - }, - "ThingPrincipalType": { - "markdownDescription": "", - "title": "ThingPrincipalType", - "type": "string" - } - }, - "required": [ - "Principal", - "ThingName" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::IoT::ThingPrincipalAttachment" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type", - "Properties" - ], - "type": "object" - }, - "AWS::IoT::ThingType": { - "additionalProperties": false, - "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "DeprecateThingType": { - "markdownDescription": "Deprecates a thing type. You can not associate new things with deprecated thing type.\n\nRequires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.", - "title": "DeprecateThingType", - "type": "boolean" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "Metadata which can be used to manage the thing type.", - "title": "Tags", - "type": "array" - }, - "ThingTypeName": { - "markdownDescription": "The name of the thing type.", - "title": "ThingTypeName", - "type": "string" - }, - "ThingTypeProperties": { - "$ref": "#/definitions/AWS::IoT::ThingType.ThingTypeProperties", - "markdownDescription": "The thing type properties for the thing type to create. It contains information about the new thing type including a description, a list of searchable thing attribute names, and a list of propagating attributes. After a thing type is created, you can only update `Mqtt5Configuration` .", - "title": "ThingTypeProperties" - } - }, - "type": "object" - }, - "Type": { - "enum": [ - "AWS::IoT::ThingType" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type" - ], - "type": "object" - }, - "AWS::IoT::ThingType.Mqtt5Configuration": { - "additionalProperties": false, - "properties": { - "PropagatingAttributes": { - "items": { - "$ref": "#/definitions/AWS::IoT::ThingType.PropagatingAttribute" - }, - "markdownDescription": "An object that represents the connection attribute, the thing attribute, and the MQTT 5 user property key.", - "title": "PropagatingAttributes", - "type": "array" - } - }, - "type": "object" - }, - "AWS::IoT::ThingType.PropagatingAttribute": { - "additionalProperties": false, - "properties": { - "ConnectionAttribute": { - "markdownDescription": "The attribute associated with the connection details.", - "title": "ConnectionAttribute", - "type": "string" - }, - "ThingAttribute": { - "markdownDescription": "The thing attribute that is propagating for MQTT 5 message enrichment.", - "title": "ThingAttribute", - "type": "string" - }, - "UserPropertyKey": { - "markdownDescription": "The key of the MQTT 5 user property, which is a key-value pair.", - "title": "UserPropertyKey", - "type": "string" - } - }, - "required": [ - "UserPropertyKey" - ], - "type": "object" - }, - "AWS::IoT::ThingType.ThingTypeProperties": { - "additionalProperties": false, - "properties": { - "Mqtt5Configuration": { - "$ref": "#/definitions/AWS::IoT::ThingType.Mqtt5Configuration", - "markdownDescription": "The configuration to add user-defined properties to enrich MQTT 5 messages.", - "title": "Mqtt5Configuration" - }, - "SearchableAttributes": { - "items": { - "type": "string" - }, - "markdownDescription": "A list of searchable thing attribute names.", - "title": "SearchableAttributes", - "type": "array" - }, - "ThingTypeDescription": { - "markdownDescription": "The description of the thing type.", - "title": "ThingTypeDescription", - "type": "string" - } - }, - "type": "object" - }, - "AWS::IoT::TopicRule": { - "additionalProperties": false, - "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "RuleName": { - "markdownDescription": "The name of the rule.", - "title": "RuleName", + "Principal": { + "markdownDescription": "The principal, which can be a certificate ARN (as returned from the `CreateCertificate` operation) or an Amazon Cognito ID.", + "title": "Principal", + "type": "string" + }, + "ThingName": { + "markdownDescription": "The name of the AWS IoT thing.", + "title": "ThingName", + "type": "string" + }, + "ThingPrincipalType": { + "markdownDescription": "", + "title": "ThingPrincipalType", + "type": "string" + } + }, + "required": [ + "Principal", + "ThingName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::IoT::ThingPrincipalAttachment" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::IoT::ThingType": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", "type": "string" }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DeprecateThingType": { + "markdownDescription": "Deprecates a thing type. You can not associate new things with deprecated thing type.\n\nRequires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.", + "title": "DeprecateThingType", + "type": "boolean" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata which can be used to manage the topic rule.\n\n> For URI Request parameters use format: ...key1=value1&key2=value2...\n> \n> For the CLI command-line parameter use format: --tags \"key1=value1&key2=value2...\"\n> \n> For the cli-input-json file use format: \"tags\": \"key1=value1&key2=value2...\"", + "markdownDescription": "Metadata which can be used to manage the thing type.", "title": "Tags", "type": "array" }, + "ThingTypeName": { + "markdownDescription": "The name of the thing type.", + "title": "ThingTypeName", + "type": "string" + }, + "ThingTypeProperties": { + "$ref": "#/definitions/AWS::IoT::ThingType.ThingTypeProperties", + "markdownDescription": "The thing type properties for the thing type to create. It contains information about the new thing type including a description, a list of searchable thing attribute names, and a list of propagating attributes. After a thing type is created, you can only update `Mqtt5Configuration` .", + "title": "ThingTypeProperties" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::IoT::ThingType" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::IoT::ThingType.Mqtt5Configuration": { + "additionalProperties": false, + "properties": { + "PropagatingAttributes": { + "items": { + "$ref": "#/definitions/AWS::IoT::ThingType.PropagatingAttribute" + }, + "markdownDescription": "An object that represents the connection attribute, the thing attribute, and the MQTT 5 user property key.", + "title": "PropagatingAttributes", + "type": "array" + } + }, + "type": "object" + }, + "AWS::IoT::ThingType.PropagatingAttribute": { + "additionalProperties": false, + "properties": { + "ConnectionAttribute": { + "markdownDescription": "The attribute associated with the connection details.", + "title": "ConnectionAttribute", + "type": "string" + }, + "ThingAttribute": { + "markdownDescription": "The thing attribute that is propagating for MQTT 5 message enrichment.", + "title": "ThingAttribute", + "type": "string" + }, + "UserPropertyKey": { + "markdownDescription": "The key of the MQTT 5 user property, which is a key-value pair.", + "title": "UserPropertyKey", + "type": "string" + } + }, + "required": [ + "UserPropertyKey" + ], + "type": "object" + }, + "AWS::IoT::ThingType.ThingTypeProperties": { + "additionalProperties": false, + "properties": { + "Mqtt5Configuration": { + "$ref": "#/definitions/AWS::IoT::ThingType.Mqtt5Configuration", + "markdownDescription": "The configuration to add user-defined properties to enrich MQTT 5 messages.", + "title": "Mqtt5Configuration" + }, + "SearchableAttributes": { + "items": { + "type": "string" + }, + "markdownDescription": "A list of searchable thing attribute names.", + "title": "SearchableAttributes", + "type": "array" + }, + "ThingTypeDescription": { + "markdownDescription": "The description of the thing type.", + "title": "ThingTypeDescription", + "type": "string" + } + }, + "type": "object" + }, + "AWS::IoT::TopicRule": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "RuleName": { + "markdownDescription": "The name of the rule.", + "title": "RuleName", + "type": "string" + }, "TopicRulePayload": { "$ref": "#/definitions/AWS::IoT::TopicRule.TopicRulePayload", "markdownDescription": "The rule payload.", @@ -165742,11 +171883,6 @@ "markdownDescription": "Change the state of a CloudWatch alarm.", "title": "CloudwatchAlarm" }, - "CloudwatchLogs": { - "$ref": "#/definitions/AWS::IoT::TopicRule.CloudwatchLogsAction", - "markdownDescription": "Sends data to CloudWatch.", - "title": "CloudwatchLogs" - }, "CloudwatchMetric": { "$ref": "#/definitions/AWS::IoT::TopicRule.CloudwatchMetricAction", "markdownDescription": "Capture a CloudWatch metric.", @@ -165792,11 +171928,6 @@ "markdownDescription": "Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.", "title": "IotSiteWise" }, - "Kafka": { - "$ref": "#/definitions/AWS::IoT::TopicRule.KafkaAction", - "markdownDescription": "Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.", - "title": "Kafka" - }, "Kinesis": { "$ref": "#/definitions/AWS::IoT::TopicRule.KinesisAction", "markdownDescription": "Write data to an Amazon Kinesis stream.", @@ -165807,16 +171938,6 @@ "markdownDescription": "Invoke a Lambda function.", "title": "Lambda" }, - "Location": { - "$ref": "#/definitions/AWS::IoT::TopicRule.LocationAction", - "markdownDescription": "Sends device location data to [Amazon Location Service](https://docs.aws.amazon.com//location/latest/developerguide/welcome.html) .", - "title": "Location" - }, - "OpenSearch": { - "$ref": "#/definitions/AWS::IoT::TopicRule.OpenSearchAction", - "markdownDescription": "Write data to an Amazon OpenSearch Service domain.", - "title": "OpenSearch" - }, "Republish": { "$ref": "#/definitions/AWS::IoT::TopicRule.RepublishAction", "markdownDescription": "Publish to another MQTT topic.", @@ -165841,11 +171962,6 @@ "$ref": "#/definitions/AWS::IoT::TopicRule.StepFunctionsAction", "markdownDescription": "Starts execution of a Step Functions state machine.", "title": "StepFunctions" - }, - "Timestream": { - "$ref": "#/definitions/AWS::IoT::TopicRule.TimestreamAction", - "markdownDescription": "Writes attributes from an MQTT message.", - "title": "Timestream" } }, "type": "object" @@ -165920,27 +172036,6 @@ }, "type": "object" }, - "AWS::IoT::TopicRule.BatchConfig": { - "additionalProperties": false, - "properties": { - "MaxBatchOpenMs": { - "markdownDescription": "", - "title": "MaxBatchOpenMs", - "type": "number" - }, - "MaxBatchSize": { - "markdownDescription": "", - "title": "MaxBatchSize", - "type": "number" - }, - "MaxBatchSizeBytes": { - "markdownDescription": "", - "title": "MaxBatchSizeBytes", - "type": "number" - } - }, - "type": "object" - }, "AWS::IoT::TopicRule.CloudwatchAlarmAction": { "additionalProperties": false, "properties": { @@ -165973,31 +172068,6 @@ ], "type": "object" }, - "AWS::IoT::TopicRule.CloudwatchLogsAction": { - "additionalProperties": false, - "properties": { - "BatchMode": { - "markdownDescription": "Indicates whether batches of log records will be extracted and uploaded into CloudWatch.", - "title": "BatchMode", - "type": "boolean" - }, - "LogGroupName": { - "markdownDescription": "The CloudWatch log name.", - "title": "LogGroupName", - "type": "string" - }, - "RoleArn": { - "markdownDescription": "The IAM role that allows access to the CloudWatch log.", - "title": "RoleArn", - "type": "string" - } - }, - "required": [ - "LogGroupName", - "RoleArn" - ], - "type": "object" - }, "AWS::IoT::TopicRule.CloudwatchMetricAction": { "additionalProperties": false, "properties": { @@ -166155,11 +172225,6 @@ "AWS::IoT::TopicRule.FirehoseAction": { "additionalProperties": false, "properties": { - "BatchMode": { - "markdownDescription": "Whether to deliver the Kinesis Data Firehose stream as a batch by using [`PutRecordBatch`](https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html) . The default value is `false` .\n\nWhen `batchMode` is `true` and the rule's SQL statement evaluates to an Array, each Array element forms one record in the [`PutRecordBatch`](https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html) request. The resulting array can't have more than 500 records.", - "title": "BatchMode", - "type": "boolean" - }, "DeliveryStreamName": { "markdownDescription": "The delivery stream name.", "title": "DeliveryStreamName", @@ -166190,21 +172255,11 @@ "markdownDescription": "The authentication method to use when sending data to an HTTPS endpoint.", "title": "Auth" }, - "BatchConfig": { - "$ref": "#/definitions/AWS::IoT::TopicRule.BatchConfig", - "markdownDescription": "", - "title": "BatchConfig" - }, "ConfirmationUrl": { "markdownDescription": "The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.", "title": "ConfirmationUrl", "type": "string" }, - "EnableBatching": { - "markdownDescription": "", - "title": "EnableBatching", - "type": "boolean" - }, "Headers": { "items": { "$ref": "#/definitions/AWS::IoT::TopicRule.HttpActionHeader" @@ -166258,11 +172313,6 @@ "AWS::IoT::TopicRule.IotAnalyticsAction": { "additionalProperties": false, "properties": { - "BatchMode": { - "markdownDescription": "Whether to process the action as a batch. The default value is `false` .\n\nWhen `batchMode` is `true` and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by [`BatchPutMessage`](https://docs.aws.amazon.com/iotanalytics/latest/APIReference/API_BatchPutMessage.html) The resulting array can't have more than 100 messages.", - "title": "BatchMode", - "type": "boolean" - }, "ChannelName": { "markdownDescription": "The name of the IoT Analytics channel to which message data will be sent.", "title": "ChannelName", @@ -166283,11 +172333,6 @@ "AWS::IoT::TopicRule.IotEventsAction": { "additionalProperties": false, "properties": { - "BatchMode": { - "markdownDescription": "Whether to process the event actions as a batch. The default value is `false` .\n\nWhen `batchMode` is `true` , you can't specify a `messageId` .\n\nWhen `batchMode` is `true` and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when Events by calling [`BatchPutMessage`](https://docs.aws.amazon.com/iotevents/latest/apireference/API_iotevents-data_BatchPutMessage.html) . The resulting array can't have more than 10 messages.", - "title": "BatchMode", - "type": "boolean" - }, "InputName": { "markdownDescription": "The name of the AWS IoT Events input.", "title": "InputName", @@ -166333,76 +172378,6 @@ ], "type": "object" }, - "AWS::IoT::TopicRule.KafkaAction": { - "additionalProperties": false, - "properties": { - "ClientProperties": { - "additionalProperties": true, - "markdownDescription": "Properties of the Apache Kafka producer client.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "type": "string" - } - }, - "title": "ClientProperties", - "type": "object" - }, - "DestinationArn": { - "markdownDescription": "The ARN of Kafka action's VPC `TopicRuleDestination` .", - "title": "DestinationArn", - "type": "string" - }, - "Headers": { - "items": { - "$ref": "#/definitions/AWS::IoT::TopicRule.KafkaActionHeader" - }, - "markdownDescription": "The list of Kafka headers that you specify.", - "title": "Headers", - "type": "array" - }, - "Key": { - "markdownDescription": "The Kafka message key.", - "title": "Key", - "type": "string" - }, - "Partition": { - "markdownDescription": "The Kafka message partition.", - "title": "Partition", - "type": "string" - }, - "Topic": { - "markdownDescription": "The Kafka topic for messages to be sent to the Kafka broker.", - "title": "Topic", - "type": "string" - } - }, - "required": [ - "ClientProperties", - "DestinationArn", - "Topic" - ], - "type": "object" - }, - "AWS::IoT::TopicRule.KafkaActionHeader": { - "additionalProperties": false, - "properties": { - "Key": { - "markdownDescription": "The key of the Kafka header.", - "title": "Key", - "type": "string" - }, - "Value": { - "markdownDescription": "The value of the Kafka header.", - "title": "Value", - "type": "string" - } - }, - "required": [ - "Key", - "Value" - ], - "type": "object" - }, "AWS::IoT::TopicRule.KinesisAction": { "additionalProperties": false, "properties": { @@ -166439,87 +172414,6 @@ }, "type": "object" }, - "AWS::IoT::TopicRule.LocationAction": { - "additionalProperties": false, - "properties": { - "DeviceId": { - "markdownDescription": "The unique ID of the device providing the location data.", - "title": "DeviceId", - "type": "string" - }, - "Latitude": { - "markdownDescription": "A string that evaluates to a double value that represents the latitude of the device's location.", - "title": "Latitude", - "type": "string" - }, - "Longitude": { - "markdownDescription": "A string that evaluates to a double value that represents the longitude of the device's location.", - "title": "Longitude", - "type": "string" - }, - "RoleArn": { - "markdownDescription": "The IAM role that grants permission to write to the Amazon Location resource.", - "title": "RoleArn", - "type": "string" - }, - "Timestamp": { - "$ref": "#/definitions/AWS::IoT::TopicRule.Timestamp", - "markdownDescription": "The time that the location data was sampled. The default value is the time the MQTT message was processed.", - "title": "Timestamp" - }, - "TrackerName": { - "markdownDescription": "The name of the tracker resource in Amazon Location in which the location is updated.", - "title": "TrackerName", - "type": "string" - } - }, - "required": [ - "DeviceId", - "Latitude", - "Longitude", - "RoleArn", - "TrackerName" - ], - "type": "object" - }, - "AWS::IoT::TopicRule.OpenSearchAction": { - "additionalProperties": false, - "properties": { - "Endpoint": { - "markdownDescription": "The endpoint of your OpenSearch domain.", - "title": "Endpoint", - "type": "string" - }, - "Id": { - "markdownDescription": "The unique identifier for the document you are storing.", - "title": "Id", - "type": "string" - }, - "Index": { - "markdownDescription": "The OpenSearch index where you want to store your data.", - "title": "Index", - "type": "string" - }, - "RoleArn": { - "markdownDescription": "The IAM role ARN that has access to OpenSearch.", - "title": "RoleArn", - "type": "string" - }, - "Type": { - "markdownDescription": "The type of document you are storing.", - "title": "Type", - "type": "string" - } - }, - "required": [ - "Endpoint", - "Id", - "Index", - "RoleArn", - "Type" - ], - "type": "object" - }, "AWS::IoT::TopicRule.PutAssetPropertyValueEntry": { "additionalProperties": false, "properties": { @@ -166574,11 +172468,6 @@ "AWS::IoT::TopicRule.RepublishAction": { "additionalProperties": false, "properties": { - "Headers": { - "$ref": "#/definitions/AWS::IoT::TopicRule.RepublishActionHeaders", - "markdownDescription": "MQTT Version 5.0 headers information. For more information, see [MQTT](https://docs.aws.amazon.com//iot/latest/developerguide/mqtt.html) in the IoT Core Developer Guide.", - "title": "Headers" - }, "Qos": { "markdownDescription": "The Quality of Service (QoS) level to use when republishing messages. The default value is 0.", "title": "Qos", @@ -166601,45 +172490,6 @@ ], "type": "object" }, - "AWS::IoT::TopicRule.RepublishActionHeaders": { - "additionalProperties": false, - "properties": { - "ContentType": { - "markdownDescription": "A UTF-8 encoded string that describes the content of the publishing message.\n\nFor more information, see [Content Type](https://docs.aws.amazon.com/https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901118) in the MQTT Version 5.0 specification.\n\nSupports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html) .", - "title": "ContentType", - "type": "string" - }, - "CorrelationData": { - "markdownDescription": "The base64-encoded binary data used by the sender of the request message to identify which request the response message is for.\n\nFor more information, see [Correlation Data](https://docs.aws.amazon.com/https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901115) in the MQTT Version 5.0 specification.\n\nSupports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html) .\n\n> This binary data must be base64-encoded.", - "title": "CorrelationData", - "type": "string" - }, - "MessageExpiry": { - "markdownDescription": "A user-defined integer value that represents the message expiry interval at the broker. If the messages haven't been sent to the subscribers within that interval, the message expires and is removed. The value of `messageExpiry` represents the number of seconds before it expires. For more information about the limits of `messageExpiry` , see [Message broker and protocol limits and quotas](https://docs.aws.amazon.com//general/latest/gr/iot-core.html#limits_iot) in the IoT Core Reference Guide.\n\nSupports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html) .", - "title": "MessageExpiry", - "type": "string" - }, - "PayloadFormatIndicator": { - "markdownDescription": "An `Enum` string value that indicates whether the payload is formatted as UTF-8.\n\nValid values are `UNSPECIFIED_BYTES` and `UTF8_DATA` .\n\nFor more information, see [Payload Format Indicator](https://docs.aws.amazon.com/https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901111) from the MQTT Version 5.0 specification.\n\nSupports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html) .", - "title": "PayloadFormatIndicator", - "type": "string" - }, - "ResponseTopic": { - "markdownDescription": "A UTF-8 encoded string that's used as the topic name for a response message. The response topic is used to describe the topic to which the receiver should publish as part of the request-response flow. The topic must not contain wildcard characters.\n\nFor more information, see [Response Topic](https://docs.aws.amazon.com/https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901114) in the MQTT Version 5.0 specification.\n\nSupports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html) .", - "title": "ResponseTopic", - "type": "string" - }, - "UserProperties": { - "items": { - "$ref": "#/definitions/AWS::IoT::TopicRule.UserProperty" - }, - "markdownDescription": "An array of key-value pairs that you define in the MQTT5 header.", - "title": "UserProperties", - "type": "array" - } - }, - "type": "object" - }, "AWS::IoT::TopicRule.S3Action": { "additionalProperties": false, "properties": { @@ -166648,11 +172498,6 @@ "title": "BucketName", "type": "string" }, - "CannedAcl": { - "markdownDescription": "The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see [S3 canned ACLs](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) .", - "title": "CannedAcl", - "type": "string" - }, "Key": { "markdownDescription": "The object key. For more information, see [Actions, resources, and condition keys for Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) .", "title": "Key", @@ -166772,105 +172617,6 @@ ], "type": "object" }, - "AWS::IoT::TopicRule.Timestamp": { - "additionalProperties": false, - "properties": { - "Unit": { - "markdownDescription": "The precision of the timestamp value that results from the expression described in `value` .", - "title": "Unit", - "type": "string" - }, - "Value": { - "markdownDescription": "An expression that returns a long epoch time value.", - "title": "Value", - "type": "string" - } - }, - "required": [ - "Value" - ], - "type": "object" - }, - "AWS::IoT::TopicRule.TimestreamAction": { - "additionalProperties": false, - "properties": { - "DatabaseName": { - "markdownDescription": "The name of an Amazon Timestream database that has the table to write records into.", - "title": "DatabaseName", - "type": "string" - }, - "Dimensions": { - "items": { - "$ref": "#/definitions/AWS::IoT::TopicRule.TimestreamDimension" - }, - "markdownDescription": "Metadata attributes of the time series that are written in each measure record.", - "title": "Dimensions", - "type": "array" - }, - "RoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the role that grants AWS IoT permission to write to the Timestream database table.", - "title": "RoleArn", - "type": "string" - }, - "TableName": { - "markdownDescription": "The table where the message data will be written.", - "title": "TableName", - "type": "string" - }, - "Timestamp": { - "$ref": "#/definitions/AWS::IoT::TopicRule.TimestreamTimestamp", - "markdownDescription": "The value to use for the entry's timestamp. If blank, the time that the entry was processed is used.", - "title": "Timestamp" - } - }, - "required": [ - "DatabaseName", - "Dimensions", - "RoleArn", - "TableName" - ], - "type": "object" - }, - "AWS::IoT::TopicRule.TimestreamDimension": { - "additionalProperties": false, - "properties": { - "Name": { - "markdownDescription": "The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.", - "title": "Name", - "type": "string" - }, - "Value": { - "markdownDescription": "The value to write in this column of the database record.", - "title": "Value", - "type": "string" - } - }, - "required": [ - "Name", - "Value" - ], - "type": "object" - }, - "AWS::IoT::TopicRule.TimestreamTimestamp": { - "additionalProperties": false, - "properties": { - "Unit": { - "markdownDescription": "The precision of the timestamp value that results from the expression described in `value` .", - "title": "Unit", - "type": "string" - }, - "Value": { - "markdownDescription": "An expression that returns a long epoch time value.", - "title": "Value", - "type": "string" - } - }, - "required": [ - "Unit", - "Value" - ], - "type": "object" - }, "AWS::IoT::TopicRule.TopicRulePayload": { "additionalProperties": false, "properties": { @@ -166910,30 +172656,11 @@ }, "required": [ "Actions", + "RuleDisabled", "Sql" ], "type": "object" }, - "AWS::IoT::TopicRule.UserProperty": { - "additionalProperties": false, - "properties": { - "Key": { - "markdownDescription": "A key to be specified in `UserProperty` .", - "title": "Key", - "type": "string" - }, - "Value": { - "markdownDescription": "A value to be specified in `UserProperty` .", - "title": "Value", - "type": "string" - } - }, - "required": [ - "Key", - "Value" - ], - "type": "object" - }, "AWS::IoT::TopicRuleDestination": { "additionalProperties": false, "properties": { @@ -185667,6 +191394,9 @@ "title": "S3Key", "type": "string" }, + "S3ObjectStorageMode": { + "type": "string" + }, "S3ObjectVersion": { "markdownDescription": "For versioned objects, the version of the deployment package object to use.", "title": "S3ObjectVersion", @@ -194135,102 +199865,105 @@ "Properties": { "additionalProperties": false, "properties": { - "AccountId": { - "markdownDescription": "The ID of the account to create the anomaly detector in.", - "title": "AccountId", - "type": "string" - }, - "AnomalyVisibilityTime": { - "markdownDescription": "The number of days to have visibility on an anomaly. After this time period has elapsed for an anomaly, it will be automatically baselined and the anomaly detector will treat new occurrences of a similar anomaly as normal. Therefore, if you do not correct the cause of an anomaly during the time period specified in `AnomalyVisibilityTime` , it will be considered normal going forward and will not be detected as an anomaly.", - "title": "AnomalyVisibilityTime", - "type": "number" - }, - "DetectorName": { - "markdownDescription": "A name for this anomaly detector.", - "title": "DetectorName", - "type": "string" - }, - "EvaluationFrequency": { - "markdownDescription": "Specifies how often the anomaly detector is to run and look for anomalies. Set this value according to the frequency that the log group receives new logs. For example, if the log group receives new log events every 10 minutes, then 15 minutes might be a good setting for `EvaluationFrequency` .", - "title": "EvaluationFrequency", - "type": "string" - }, - "FilterPattern": { - "markdownDescription": "You can use this parameter to limit the anomaly detection model to examine only log events that match the pattern you specify here. For more information, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html) .", - "title": "FilterPattern", - "type": "string" - }, - "KmsKeyId": { - "markdownDescription": "Optionally assigns a AWS key to secure this anomaly detector and its findings. If a key is assigned, the anomalies found and the model used by this detector are encrypted at rest with the key. If a key is assigned to an anomaly detector, a user must have permissions for both this key and for the anomaly detector to retrieve information about the anomalies that it finds.\n\nFor more information about using a AWS key and to see the required IAM policy, see [Use a AWS key with an anomaly detector](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/LogsAnomalyDetection-KMS.html) .", - "title": "KmsKeyId", - "type": "string" - }, - "LogGroupArnList": { - "items": { - "type": "string" - }, - "markdownDescription": "The ARN of the log group that is associated with this anomaly detector. You can specify only one log group ARN.", - "title": "LogGroupArnList", - "type": "array" - } - }, - "type": "object" - }, - "Type": { - "enum": [ - "AWS::Logs::LogAnomalyDetector" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type" - ], - "type": "object" - }, - "AWS::Logs::LogGroup": { - "additionalProperties": false, - "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" + "AccountId": { + "markdownDescription": "The ID of the account to create the anomaly detector in.", + "title": "AccountId", + "type": "string" + }, + "AnomalyVisibilityTime": { + "markdownDescription": "The number of days to have visibility on an anomaly. After this time period has elapsed for an anomaly, it will be automatically baselined and the anomaly detector will treat new occurrences of a similar anomaly as normal. Therefore, if you do not correct the cause of an anomaly during the time period specified in `AnomalyVisibilityTime` , it will be considered normal going forward and will not be detected as an anomaly.", + "title": "AnomalyVisibilityTime", + "type": "number" + }, + "DetectorName": { + "markdownDescription": "A name for this anomaly detector.", + "title": "DetectorName", + "type": "string" + }, + "EvaluationFrequency": { + "markdownDescription": "Specifies how often the anomaly detector is to run and look for anomalies. Set this value according to the frequency that the log group receives new logs. For example, if the log group receives new log events every 10 minutes, then 15 minutes might be a good setting for `EvaluationFrequency` .", + "title": "EvaluationFrequency", + "type": "string" + }, + "FilterPattern": { + "markdownDescription": "You can use this parameter to limit the anomaly detection model to examine only log events that match the pattern you specify here. For more information, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html) .", + "title": "FilterPattern", + "type": "string" + }, + "KmsKeyId": { + "markdownDescription": "Optionally assigns a AWS key to secure this anomaly detector and its findings. If a key is assigned, the anomalies found and the model used by this detector are encrypted at rest with the key. If a key is assigned to an anomaly detector, a user must have permissions for both this key and for the anomaly detector to retrieve information about the anomalies that it finds.\n\nFor more information about using a AWS key and to see the required IAM policy, see [Use a AWS key with an anomaly detector](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/LogsAnomalyDetection-KMS.html) .", + "title": "KmsKeyId", + "type": "string" + }, + "LogGroupArnList": { + "items": { + "type": "string" + }, + "markdownDescription": "The ARN of the log group that is associated with this anomaly detector. You can specify only one log group ARN.", + "title": "LogGroupArnList", + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Logs::LogAnomalyDetector" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::Logs::LogGroup": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "BearerTokenAuthenticationEnabled": { + "type": "boolean" }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { "DataProtectionPolicy": { "markdownDescription": "Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks.", "title": "DataProtectionPolicy", @@ -194594,6 +200327,12 @@ "title": "Name", "type": "string" }, + "Parameters": { + "items": { + "$ref": "#/definitions/AWS::Logs::QueryDefinition.QueryParameter" + }, + "type": "array" + }, "QueryLanguage": { "markdownDescription": "The query language used for this query. For more information about the query languages that CloudWatch Logs supports, see [Supported query languages](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData_Languages.html) .", "title": "QueryLanguage", @@ -194632,6 +200371,24 @@ ], "type": "object" }, + "AWS::Logs::QueryDefinition.QueryParameter": { + "additionalProperties": false, + "properties": { + "DefaultValue": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, "AWS::Logs::ResourcePolicy": { "additionalProperties": false, "properties": { @@ -194670,7 +200427,7 @@ "PolicyDocument": { "markdownDescription": "The details of the policy. It must be formatted in JSON, and you must use backslashes to escape characters that need to be escaped in JSON strings, such as double quote marks.", "title": "PolicyDocument", - "type": "string" + "type": "object" }, "PolicyName": { "markdownDescription": "The name of the resource policy.", @@ -197776,6 +203533,9 @@ "title": "KafkaClusters", "type": "array" }, + "LogDelivery": { + "$ref": "#/definitions/AWS::MSK::Replicator.LogDelivery" + }, "ReplicationInfoList": { "items": { "$ref": "#/definitions/AWS::MSK::Replicator.ReplicationInfo" @@ -197846,9 +203606,43 @@ ], "type": "object" }, + "AWS::MSK::Replicator.ApacheKafkaCluster": { + "additionalProperties": false, + "properties": { + "ApacheKafkaClusterId": { + "type": "string" + }, + "BootstrapBrokerString": { + "type": "string" + } + }, + "required": [ + "ApacheKafkaClusterId", + "BootstrapBrokerString" + ], + "type": "object" + }, + "AWS::MSK::Replicator.CloudWatchLogs": { + "additionalProperties": false, + "properties": { + "Enabled": { + "type": "boolean" + }, + "LogGroup": { + "type": "string" + } + }, + "required": [ + "Enabled" + ], + "type": "object" + }, "AWS::MSK::Replicator.ConsumerGroupReplication": { "additionalProperties": false, "properties": { + "ConsumerGroupOffsetSyncMode": { + "type": "string" + }, "ConsumerGroupsToExclude": { "items": { "type": "string" @@ -197881,6 +203675,21 @@ ], "type": "object" }, + "AWS::MSK::Replicator.Firehose": { + "additionalProperties": false, + "properties": { + "DeliveryStream": { + "type": "string" + }, + "Enabled": { + "type": "boolean" + } + }, + "required": [ + "Enabled" + ], + "type": "object" + }, "AWS::MSK::Replicator.KafkaCluster": { "additionalProperties": false, "properties": { @@ -197889,15 +203698,32 @@ "markdownDescription": "Details of an Amazon MSK Cluster.", "title": "AmazonMskCluster" }, + "ApacheKafkaCluster": { + "$ref": "#/definitions/AWS::MSK::Replicator.ApacheKafkaCluster" + }, + "ClientAuthentication": { + "$ref": "#/definitions/AWS::MSK::Replicator.KafkaClusterClientAuthentication" + }, + "EncryptionInTransit": { + "$ref": "#/definitions/AWS::MSK::Replicator.KafkaClusterEncryptionInTransit" + }, "VpcConfig": { "$ref": "#/definitions/AWS::MSK::Replicator.KafkaClusterClientVpcConfig", "markdownDescription": "Details of an Amazon VPC which has network connectivity to the Apache Kafka cluster.", "title": "VpcConfig" } }, + "type": "object" + }, + "AWS::MSK::Replicator.KafkaClusterClientAuthentication": { + "additionalProperties": false, + "properties": { + "SaslScram": { + "$ref": "#/definitions/AWS::MSK::Replicator.KafkaClusterSaslScramAuthentication" + } + }, "required": [ - "AmazonMskCluster", - "VpcConfig" + "SaslScram" ], "type": "object" }, @@ -197926,6 +203752,46 @@ ], "type": "object" }, + "AWS::MSK::Replicator.KafkaClusterEncryptionInTransit": { + "additionalProperties": false, + "properties": { + "EncryptionType": { + "type": "string" + }, + "RootCaCertificate": { + "type": "string" + } + }, + "required": [ + "EncryptionType" + ], + "type": "object" + }, + "AWS::MSK::Replicator.KafkaClusterSaslScramAuthentication": { + "additionalProperties": false, + "properties": { + "Mechanism": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "required": [ + "Mechanism", + "SecretArn" + ], + "type": "object" + }, + "AWS::MSK::Replicator.LogDelivery": { + "additionalProperties": false, + "properties": { + "ReplicatorLogDelivery": { + "$ref": "#/definitions/AWS::MSK::Replicator.ReplicatorLogDelivery" + } + }, + "type": "object" + }, "AWS::MSK::Replicator.ReplicationInfo": { "additionalProperties": false, "properties": { @@ -197939,6 +203805,9 @@ "title": "SourceKafkaClusterArn", "type": "string" }, + "SourceKafkaClusterId": { + "type": "string" + }, "TargetCompressionType": { "markdownDescription": "The compression type to use when producing records to target cluster.", "title": "TargetCompressionType", @@ -197949,6 +203818,9 @@ "title": "TargetKafkaClusterArn", "type": "string" }, + "TargetKafkaClusterId": { + "type": "string" + }, "TopicReplication": { "$ref": "#/definitions/AWS::MSK::Replicator.TopicReplication", "markdownDescription": "Configuration relating to topic replication.", @@ -197957,9 +203829,7 @@ }, "required": [ "ConsumerGroupReplication", - "SourceKafkaClusterArn", "TargetCompressionType", - "TargetKafkaClusterArn", "TopicReplication" ], "type": "object" @@ -197986,6 +203856,39 @@ }, "type": "object" }, + "AWS::MSK::Replicator.ReplicatorLogDelivery": { + "additionalProperties": false, + "properties": { + "CloudWatchLogs": { + "$ref": "#/definitions/AWS::MSK::Replicator.CloudWatchLogs" + }, + "Firehose": { + "$ref": "#/definitions/AWS::MSK::Replicator.Firehose" + }, + "S3": { + "$ref": "#/definitions/AWS::MSK::Replicator.S3" + } + }, + "type": "object" + }, + "AWS::MSK::Replicator.S3": { + "additionalProperties": false, + "properties": { + "Bucket": { + "type": "string" + }, + "Enabled": { + "type": "boolean" + }, + "Prefix": { + "type": "string" + } + }, + "required": [ + "Enabled" + ], + "type": "object" + }, "AWS::MSK::Replicator.TopicReplication": { "additionalProperties": false, "properties": { @@ -200338,6 +206241,9 @@ "title": "AvailabilityZone", "type": "string" }, + "EncodingConfig": { + "$ref": "#/definitions/AWS::MediaConnect::Flow.EncodingConfig" + }, "FlowSize": { "markdownDescription": "Determines the processing capacity and feature set of the flow. Set this optional parameter to LARGE if you want to enable NDI outputs on the flow.", "title": "FlowSize", @@ -200381,6 +206287,12 @@ "markdownDescription": "The settings for source monitoring.", "title": "SourceMonitoringConfig" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, "VpcInterfaces": { "items": { "$ref": "#/definitions/AWS::MediaConnect::Flow.VpcInterface" @@ -200444,6 +206356,18 @@ }, "type": "object" }, + "AWS::MediaConnect::Flow.EncodingConfig": { + "additionalProperties": false, + "properties": { + "EncodingProfile": { + "type": "string" + }, + "VideoMaxBitrate": { + "type": "number" + } + }, + "type": "object" + }, "AWS::MediaConnect::Flow.Encryption": { "additionalProperties": false, "properties": { @@ -200452,31 +206376,11 @@ "title": "Algorithm", "type": "string" }, - "ConstantInitializationVector": { - "markdownDescription": "A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.", - "title": "ConstantInitializationVector", - "type": "string" - }, - "DeviceId": { - "markdownDescription": "The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "DeviceId", - "type": "string" - }, "KeyType": { "markdownDescription": "The type of key that is used for the encryption. If you don't specify a `keyType` value, the service uses the default setting ( `static-key` ). Valid key types are: `static-key` , `speke` , and `srt-password` .", "title": "KeyType", "type": "string" }, - "Region": { - "markdownDescription": "The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Region", - "type": "string" - }, - "ResourceId": { - "markdownDescription": "An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "ResourceId", - "type": "string" - }, "RoleArn": { "markdownDescription": "The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity).", "title": "RoleArn", @@ -200486,11 +206390,6 @@ "markdownDescription": "The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.", "title": "SecretArn", "type": "string" - }, - "Url": { - "markdownDescription": "The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Url", - "type": "string" } }, "required": [ @@ -200727,6 +206626,12 @@ "title": "MediaStreamType", "type": "string" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, "VideoFormat": { "markdownDescription": "The resolution of the video.", "title": "VideoFormat", @@ -200833,6 +206738,15 @@ ], "type": "object" }, + "AWS::MediaConnect::Flow.NdiSourceSettings": { + "additionalProperties": false, + "properties": { + "SourceName": { + "type": "string" + } + }, + "type": "object" + }, "AWS::MediaConnect::Flow.SecretsManagerEncryptionKeyConfiguration": { "additionalProperties": false, "properties": { @@ -200935,6 +206849,9 @@ "title": "Name", "type": "string" }, + "NdiSourceSettings": { + "$ref": "#/definitions/AWS::MediaConnect::Flow.NdiSourceSettings" + }, "Protocol": { "markdownDescription": "The protocol that is used by the source. AWS CloudFormation does not currently support CDI or ST 2110 JPEG XS source protocols.\n\n> AWS Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.", "title": "Protocol", @@ -200950,16 +206867,6 @@ "markdownDescription": "The decryption configuration for the flow source when router integration is enabled.", "title": "RouterIntegrationTransitDecryption" }, - "SenderControlPort": { - "markdownDescription": "The port that the flow uses to send outbound requests to initiate connection with the sender.", - "title": "SenderControlPort", - "type": "number" - }, - "SenderIpAddress": { - "markdownDescription": "The IP address that the flow communicates with to initiate connection with the sender.", - "title": "SenderIpAddress", - "type": "string" - }, "SourceArn": { "markdownDescription": "The ARN of the source.", "title": "SourceArn", @@ -200985,6 +206892,12 @@ "title": "StreamId", "type": "string" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, "VpcInterfaceName": { "markdownDescription": "The name of the VPC interface that is used for this source.", "title": "VpcInterfaceName", @@ -201098,6 +207011,12 @@ "markdownDescription": "Subnet must be in the AZ of the Flow.", "title": "SubnetId", "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" } }, "required": [ @@ -201191,6 +207110,12 @@ "markdownDescription": "The AWS account IDs that you want to share your content with. The receiving accounts (subscribers) will be allowed to create their own flows using your content as the source.", "title": "Subscribers", "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" } }, "required": [ @@ -201230,31 +207155,11 @@ "title": "Algorithm", "type": "string" }, - "ConstantInitializationVector": { - "markdownDescription": "A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.", - "title": "ConstantInitializationVector", - "type": "string" - }, - "DeviceId": { - "markdownDescription": "The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "DeviceId", - "type": "string" - }, "KeyType": { "markdownDescription": "The type of key that is used for the encryption. If you don't specify a `keyType` value, the service uses the default setting ( `static-key` ). Valid key types are: `static-key` , `speke` , and `srt-password` .", "title": "KeyType", "type": "string" }, - "Region": { - "markdownDescription": "The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Region", - "type": "string" - }, - "ResourceId": { - "markdownDescription": "An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "ResourceId", - "type": "string" - }, "RoleArn": { "markdownDescription": "The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity).", "title": "RoleArn", @@ -201264,11 +207169,6 @@ "markdownDescription": "The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.", "title": "SecretArn", "type": "string" - }, - "Url": { - "markdownDescription": "The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Url", - "type": "string" } }, "required": [ @@ -201413,6 +207313,12 @@ "title": "StreamId", "type": "string" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, "VpcInterfaceAttachment": { "$ref": "#/definitions/AWS::MediaConnect::FlowOutput.VpcInterfaceAttachment", "markdownDescription": "The name of the VPC interface attachment to use for this output.", @@ -201678,11 +207584,6 @@ "title": "Description", "type": "string" }, - "EntitlementArn": { - "markdownDescription": "The ARN of the entitlement that allows you to subscribe to this flow. The entitlement is set by the flow originator, and the ARN is generated as part of the originator's flow.", - "title": "EntitlementArn", - "type": "string" - }, "FlowArn": { "markdownDescription": "The Amazon Resource Name (ARN) of the flow this source is connected to. The flow must have Failover enabled to add an additional source.", "title": "FlowArn", @@ -201723,16 +207624,6 @@ "title": "Protocol", "type": "string" }, - "SenderControlPort": { - "markdownDescription": "The port that the flow uses to send outbound requests to initiate connection with the sender.", - "title": "SenderControlPort", - "type": "number" - }, - "SenderIpAddress": { - "markdownDescription": "The IP address that the flow communicates with to initiate connection with the sender.", - "title": "SenderIpAddress", - "type": "string" - }, "SourceListenerAddress": { "markdownDescription": "Source IP or domain name for SRT-caller protocol.", "title": "SourceListenerAddress", @@ -201748,6 +207639,12 @@ "title": "StreamId", "type": "string" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, "VpcInterfaceName": { "markdownDescription": "The name of the VPC interface to use for this source.", "title": "VpcInterfaceName", @@ -201761,6 +207658,7 @@ }, "required": [ "Description", + "FlowArn", "Name" ], "type": "object" @@ -201794,31 +207692,11 @@ "title": "Algorithm", "type": "string" }, - "ConstantInitializationVector": { - "markdownDescription": "A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.", - "title": "ConstantInitializationVector", - "type": "string" - }, - "DeviceId": { - "markdownDescription": "The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "DeviceId", - "type": "string" - }, "KeyType": { "markdownDescription": "The type of key that is used for the encryption. If you don't specify a `keyType` value, the service uses the default setting ( `static-key` ). Valid key types are: `static-key` , `speke` , and `srt-password` .", "title": "KeyType", "type": "string" }, - "Region": { - "markdownDescription": "The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Region", - "type": "string" - }, - "ResourceId": { - "markdownDescription": "An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "ResourceId", - "type": "string" - }, "RoleArn": { "markdownDescription": "The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity).", "title": "RoleArn", @@ -201828,11 +207706,6 @@ "markdownDescription": "The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.", "title": "SecretArn", "type": "string" - }, - "Url": { - "markdownDescription": "The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Url", - "type": "string" } }, "required": [ @@ -202323,6 +208196,54 @@ ], "type": "object" }, + "AWS::MediaConnect::RouterInput.MediaLiveChannelRouterInputConfiguration": { + "additionalProperties": false, + "properties": { + "MediaLiveChannelArn": { + "type": "string" + }, + "MediaLiveChannelOutputName": { + "type": "string" + }, + "MediaLivePipelineId": { + "type": "string" + }, + "SourceTransitDecryption": { + "$ref": "#/definitions/AWS::MediaConnect::RouterInput.MediaLiveTransitEncryption" + } + }, + "required": [ + "SourceTransitDecryption" + ], + "type": "object" + }, + "AWS::MediaConnect::RouterInput.MediaLiveTransitEncryption": { + "additionalProperties": false, + "properties": { + "EncryptionKeyConfiguration": { + "$ref": "#/definitions/AWS::MediaConnect::RouterInput.MediaLiveTransitEncryptionKeyConfiguration" + }, + "EncryptionKeyType": { + "type": "string" + } + }, + "required": [ + "EncryptionKeyConfiguration" + ], + "type": "object" + }, + "AWS::MediaConnect::RouterInput.MediaLiveTransitEncryptionKeyConfiguration": { + "additionalProperties": false, + "properties": { + "Automatic": { + "type": "object" + }, + "SecretsManager": { + "$ref": "#/definitions/AWS::MediaConnect::RouterInput.SecretsManagerEncryptionKeyConfiguration" + } + }, + "type": "object" + }, "AWS::MediaConnect::RouterInput.MergeRouterInputConfiguration": { "additionalProperties": false, "properties": { @@ -202421,6 +208342,9 @@ "markdownDescription": "", "title": "MediaConnectFlow" }, + "MediaLiveChannel": { + "$ref": "#/definitions/AWS::MediaConnect::RouterInput.MediaLiveChannelRouterInputConfiguration" + }, "Merge": { "$ref": "#/definitions/AWS::MediaConnect::RouterInput.MergeRouterInputConfiguration", "markdownDescription": "", @@ -203674,6 +209598,9 @@ "markdownDescription": "The encoding configuration for the output content.", "title": "EncoderSettings" }, + "InferenceSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.InferenceSettings" + }, "InputAttachments": { "items": { "$ref": "#/definitions/AWS::MediaLive::Channel.InputAttachment" @@ -204344,6 +210271,9 @@ "markdownDescription": "", "title": "Hdr10Settings" }, + "Hlg2020Settings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.Hlg2020Settings" + }, "Rec601Settings": { "$ref": "#/definitions/AWS::MediaLive::Channel.Rec601Settings", "markdownDescription": "", @@ -206889,6 +212819,15 @@ "properties": {}, "type": "object" }, + "AWS::MediaLive::Channel.InferenceSettings": { + "additionalProperties": false, + "properties": { + "FeedArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::MediaLive::Channel.InputAttachment": { "additionalProperties": false, "properties": { @@ -211550,12 +217489,6 @@ "type": "string" } }, - "required": [ - "Id", - "Password", - "Url", - "Username" - ], "type": "object" }, "AWS::MediaPackage::Channel.LogConfiguration": { @@ -216823,6 +222756,9 @@ "title": "GraphName", "type": "string" }, + "KmsKeyIdentifier": { + "type": "string" + }, "ProvisionedMemory": { "markdownDescription": "The provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph.\n\nMin = 16", "title": "ProvisionedMemory", @@ -216892,6 +222828,80 @@ ], "type": "object" }, + "AWS::NeptuneGraph::GraphSnapshot": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "GraphIdentifier": { + "type": "string" + }, + "SnapshotName": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "SnapshotName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::NeptuneGraph::GraphSnapshot" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, "AWS::NeptuneGraph::PrivateGraphEndpoint": { "additionalProperties": false, "properties": { @@ -221347,6 +227357,92 @@ ], "type": "object" }, + "AWS::NovaAct::WorkflowDefinition": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "ExportConfig": { + "$ref": "#/definitions/AWS::NovaAct::WorkflowDefinition.WorkflowExportConfig" + }, + "Name": { + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::NovaAct::WorkflowDefinition" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::NovaAct::WorkflowDefinition.WorkflowExportConfig": { + "additionalProperties": false, + "properties": { + "S3BucketName": { + "type": "string" + }, + "S3KeyPrefix": { + "type": "string" + } + }, + "required": [ + "S3BucketName" + ], + "type": "object" + }, "AWS::ODB::CloudAutonomousVmCluster": { "additionalProperties": false, "properties": { @@ -221415,6 +227511,12 @@ "title": "DisplayName", "type": "string" }, + "IamRoles": { + "items": { + "$ref": "#/definitions/AWS::ODB::CloudAutonomousVmCluster.IamRole" + }, + "type": "array" + }, "IsMtlsEnabledVmCluster": { "markdownDescription": "Specifies whether mutual TLS (mTLS) authentication is enabled for the Autonomous VM cluster.", "title": "IsMtlsEnabledVmCluster", @@ -221491,6 +227593,21 @@ ], "type": "object" }, + "AWS::ODB::CloudAutonomousVmCluster.IamRole": { + "additionalProperties": false, + "properties": { + "AwsIntegration": { + "type": "string" + }, + "IamRoleArn": { + "type": "string" + }, + "Status": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ODB::CloudAutonomousVmCluster.MaintenanceWindow": { "additionalProperties": false, "properties": { @@ -221828,6 +227945,12 @@ "title": "Hostname", "type": "string" }, + "IamRoles": { + "items": { + "$ref": "#/definitions/AWS::ODB::CloudVmCluster.IamRole" + }, + "type": "array" + }, "IsLocalBackupEnabled": { "markdownDescription": "Specifies whether database backups to local Exadata storage are enabled for the VM cluster.", "title": "IsLocalBackupEnabled", @@ -222020,6 +228143,21 @@ ], "type": "object" }, + "AWS::ODB::CloudVmCluster.IamRole": { + "additionalProperties": false, + "properties": { + "AwsIntegration": { + "type": "string" + }, + "IamRoleArn": { + "type": "string" + }, + "Status": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ODB::OdbNetwork": { "additionalProperties": false, "properties": { @@ -222075,6 +228213,12 @@ "title": "ClientSubnetCidr", "type": "string" }, + "CrossRegionS3RestoreSources": { + "items": { + "type": "string" + }, + "type": "array" + }, "CustomDomainName": { "markdownDescription": "The domain name for the resources in the ODB network.", "title": "CustomDomainName", @@ -222095,6 +228239,12 @@ "title": "DisplayName", "type": "string" }, + "KmsAccess": { + "type": "string" + }, + "KmsPolicyDocument": { + "type": "string" + }, "S3Access": { "markdownDescription": "The configuration for Amazon S3 access from the ODB network.", "title": "S3Access", @@ -222105,6 +228255,12 @@ "title": "S3PolicyDocument", "type": "string" }, + "StsAccess": { + "type": "string" + }, + "StsPolicyDocument": { + "type": "string" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -222141,6 +228297,45 @@ ], "type": "object" }, + "AWS::ODB::OdbNetwork.CrossRegionS3RestoreSourcesAccess": { + "additionalProperties": false, + "properties": { + "Ipv4Addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Region": { + "type": "string" + }, + "Status": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ODB::OdbNetwork.KmsAccess": { + "additionalProperties": false, + "properties": { + "DomainName": { + "type": "string" + }, + "Ipv4Addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "KmsPolicyDocument": { + "type": "string" + }, + "Status": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ODB::OdbNetwork.ManagedS3BackupAccess": { "additionalProperties": false, "properties": { @@ -222163,6 +228358,15 @@ "AWS::ODB::OdbNetwork.ManagedServices": { "additionalProperties": false, "properties": { + "CrossRegionS3RestoreSourcesAccess": { + "items": { + "$ref": "#/definitions/AWS::ODB::OdbNetwork.CrossRegionS3RestoreSourcesAccess" + }, + "type": "array" + }, + "KmsAccess": { + "$ref": "#/definitions/AWS::ODB::OdbNetwork.KmsAccess" + }, "ManagedS3BackupAccess": { "$ref": "#/definitions/AWS::ODB::OdbNetwork.ManagedS3BackupAccess", "markdownDescription": "The managed Amazon S3 backup access configuration.", @@ -222196,6 +228400,9 @@ "markdownDescription": "The service network endpoint configuration.", "title": "ServiceNetworkEndpoint" }, + "StsAccess": { + "$ref": "#/definitions/AWS::ODB::OdbNetwork.StsAccess" + }, "ZeroEtlAccess": { "$ref": "#/definitions/AWS::ODB::OdbNetwork.ZeroEtlAccess", "markdownDescription": "The Zero-ETL access configuration.", @@ -222249,6 +228456,27 @@ }, "type": "object" }, + "AWS::ODB::OdbNetwork.StsAccess": { + "additionalProperties": false, + "properties": { + "DomainName": { + "type": "string" + }, + "Ipv4Addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Status": { + "type": "string" + }, + "StsPolicyDocument": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ODB::OdbNetwork.ZeroEtlAccess": { "additionalProperties": false, "properties": { @@ -222323,6 +228551,12 @@ "title": "PeerNetworkId", "type": "string" }, + "PeerNetworkRouteTableIds": { + "items": { + "type": "string" + }, + "type": "array" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -222995,6 +229229,9 @@ "markdownDescription": "Configuration defining the backup region and an optional KMS key for the backup destination.", "title": "BackupConfiguration" }, + "LogGroupNameConfiguration": { + "$ref": "#/definitions/AWS::ObservabilityAdmin::OrganizationCentralizationRule.LogGroupNameConfiguration" + }, "LogsEncryptionConfiguration": { "$ref": "#/definitions/AWS::ObservabilityAdmin::OrganizationCentralizationRule.LogsEncryptionConfiguration", "markdownDescription": "The encryption configuration for centralization destination log groups.", @@ -223003,6 +229240,18 @@ }, "type": "object" }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule.LogGroupNameConfiguration": { + "additionalProperties": false, + "properties": { + "LogGroupNamePattern": { + "type": "string" + } + }, + "required": [ + "LogGroupNamePattern" + ], + "type": "object" + }, "AWS::ObservabilityAdmin::OrganizationCentralizationRule.LogsBackupConfiguration": { "additionalProperties": false, "properties": { @@ -223049,6 +229298,9 @@ "AWS::ObservabilityAdmin::OrganizationCentralizationRule.SourceLogsConfiguration": { "additionalProperties": false, "properties": { + "DataSourceSelectionCriteria": { + "type": "string" + }, "EncryptedLogGroupStrategy": { "markdownDescription": "A strategy determining whether to centralize source log groups that are encrypted with customer managed KMS keys (CMK). ALLOW will consider CMK encrypted source log groups for centralization while SKIP will skip CMK encrypted source log groups from centralization.", "title": "EncryptedLogGroupStrategy", @@ -223061,8 +229313,7 @@ } }, "required": [ - "EncryptedLogGroupStrategy", - "LogGroupSelectionCriteria" + "EncryptedLogGroupStrategy" ], "type": "object" }, @@ -223546,42 +229797,148 @@ "Properties": { "additionalProperties": false, "properties": { - "Encryption": { - "$ref": "#/definitions/AWS::ObservabilityAdmin::S3TableIntegration.EncryptionConfig", - "markdownDescription": "Defines the encryption configuration for S3 Table integrations, including the encryption algorithm and KMS key settings.", - "title": "Encryption" - }, - "LogSources": { - "items": { - "$ref": "#/definitions/AWS::ObservabilityAdmin::S3TableIntegration.LogSource" - }, - "markdownDescription": "A data source with an S3 Table integration for query access in the `logs` namespace.", - "title": "LogSources", - "type": "array" - }, - "RoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the IAM role that grants permissions for the S3 Table integration to access necessary resources.", - "title": "RoleArn", + "Encryption": { + "$ref": "#/definitions/AWS::ObservabilityAdmin::S3TableIntegration.EncryptionConfig", + "markdownDescription": "Defines the encryption configuration for S3 Table integrations, including the encryption algorithm and KMS key settings.", + "title": "Encryption" + }, + "LogSources": { + "items": { + "$ref": "#/definitions/AWS::ObservabilityAdmin::S3TableIntegration.LogSource" + }, + "markdownDescription": "A data source with an S3 Table integration for query access in the `logs` namespace.", + "title": "LogSources", + "type": "array" + }, + "RoleArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the IAM role that grants permissions for the S3 Table integration to access necessary resources.", + "title": "RoleArn", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "The key-value pairs to associate with the S3 Table integration resource for categorization and management purposes.", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "Encryption", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::ObservabilityAdmin::S3TableIntegration" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::ObservabilityAdmin::S3TableIntegration.EncryptionConfig": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the KMS key used for encryption when using customer-managed keys.", + "title": "KmsKeyArn", + "type": "string" + }, + "SseAlgorithm": { + "markdownDescription": "The server-side encryption algorithm used for encrypting data in the S3 Table integration.", + "title": "SseAlgorithm", + "type": "string" + } + }, + "required": [ + "SseAlgorithm" + ], + "type": "object" + }, + "AWS::ObservabilityAdmin::S3TableIntegration.LogSource": { + "additionalProperties": false, + "properties": { + "Identifier": { + "markdownDescription": "The unique identifier for the association between the data source and S3 Table integration.", + "title": "Identifier", + "type": "string" + }, + "Name": { + "markdownDescription": "The name of the data source.", + "title": "Name", + "type": "string" + }, + "Type": { + "markdownDescription": "The type of the data source.", + "title": "Type", + "type": "string" + } + }, + "required": [ + "Name", + "Type" + ], + "type": "object" + }, + "AWS::ObservabilityAdmin::TelemetryEnrichment": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Scope": { "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "The key-value pairs to associate with the S3 Table integration resource for categorization and management purposes.", - "title": "Tags", - "type": "array" } }, - "required": [ - "Encryption", - "RoleArn" - ], "type": "object" }, "Type": { "enum": [ - "AWS::ObservabilityAdmin::S3TableIntegration" + "AWS::ObservabilityAdmin::TelemetryEnrichment" ], "type": "string" }, @@ -223595,51 +229952,6 @@ } }, "required": [ - "Type", - "Properties" - ], - "type": "object" - }, - "AWS::ObservabilityAdmin::S3TableIntegration.EncryptionConfig": { - "additionalProperties": false, - "properties": { - "KmsKeyArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the KMS key used for encryption when using customer-managed keys.", - "title": "KmsKeyArn", - "type": "string" - }, - "SseAlgorithm": { - "markdownDescription": "The server-side encryption algorithm used for encrypting data in the S3 Table integration.", - "title": "SseAlgorithm", - "type": "string" - } - }, - "required": [ - "SseAlgorithm" - ], - "type": "object" - }, - "AWS::ObservabilityAdmin::S3TableIntegration.LogSource": { - "additionalProperties": false, - "properties": { - "Identifier": { - "markdownDescription": "The unique identifier for the association between the data source and S3 Table integration.", - "title": "Identifier", - "type": "string" - }, - "Name": { - "markdownDescription": "The name of the data source.", - "title": "Name", - "type": "string" - }, - "Type": { - "markdownDescription": "The type of the data source.", - "title": "Type", - "type": "string" - } - }, - "required": [ - "Name", "Type" ], "type": "object" @@ -224435,6 +230747,114 @@ }, "type": "object" }, + "AWS::Omics::Configuration": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "RunConfigurations": { + "$ref": "#/definitions/AWS::Omics::Configuration.RunConfigurations" + }, + "Tags": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "Name", + "RunConfigurations" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Omics::Configuration" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Omics::Configuration.RunConfigurations": { + "additionalProperties": false, + "properties": { + "VpcConfig": { + "$ref": "#/definitions/AWS::Omics::Configuration.VpcConfig" + } + }, + "type": "object" + }, + "AWS::Omics::Configuration.VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroupIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SubnetIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::Omics::ReferenceStore": { "additionalProperties": false, "properties": { @@ -225514,36 +231934,135 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "The description of the policy.", + "markdownDescription": "The description of the policy.", + "title": "Description", + "type": "string" + }, + "Name": { + "markdownDescription": "The name of the policy.", + "title": "Name", + "type": "string" + }, + "Policy": { + "markdownDescription": "The JSON policy document without any whitespaces.", + "title": "Policy", + "type": "string" + }, + "Type": { + "markdownDescription": "The type of access policy. Currently the only option is `data` .", + "title": "Type", + "type": "string" + } + }, + "required": [ + "Name", + "Policy", + "Type" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::OpenSearchServerless::AccessPolicy" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::OpenSearchServerless::Collection": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "CollectionGroupName": { + "type": "string" + }, + "Description": { + "markdownDescription": "A description of the collection.", "title": "Description", "type": "string" }, + "EncryptionConfig": { + "$ref": "#/definitions/AWS::OpenSearchServerless::Collection.EncryptionConfig" + }, "Name": { - "markdownDescription": "The name of the policy.", + "markdownDescription": "The name of the collection.\n\nCollection names must meet the following criteria:\n\n- Starts with a lowercase letter\n- Unique to your account and AWS Region\n- Contains between 3 and 28 characters\n- Contains only lowercase letters a-z, the numbers 0-9, and the hyphen (-)", "title": "Name", "type": "string" }, - "Policy": { - "markdownDescription": "The JSON policy document without any whitespaces.", - "title": "Policy", + "StandbyReplicas": { + "markdownDescription": "Indicates whether to use standby replicas for the collection. You can't update this property after the collection is already created. If you attempt to modify this property, the collection continues to use the original value.", + "title": "StandbyReplicas", "type": "string" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An arbitrary set of tags (key\u2013value pairs) to associate with the collection.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "title": "Tags", + "type": "array" + }, "Type": { - "markdownDescription": "The type of access policy. Currently the only option is `data` .", + "markdownDescription": "The type of collection. Possible values are `SEARCH` , `TIMESERIES` , and `VECTORSEARCH` . For more information, see [Choosing a collection type](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-overview.html#serverless-usecase) .", "title": "Type", "type": "string" + }, + "VectorOptions": { + "$ref": "#/definitions/AWS::OpenSearchServerless::Collection.VectorOptions" } }, "required": [ - "Name", - "Policy", - "Type" + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::OpenSearchServerless::AccessPolicy" + "AWS::OpenSearchServerless::Collection" ], "type": "string" }, @@ -225562,7 +232081,40 @@ ], "type": "object" }, - "AWS::OpenSearchServerless::Collection": { + "AWS::OpenSearchServerless::Collection.EncryptionConfig": { + "additionalProperties": false, + "properties": { + "AWSOwnedKey": { + "type": "boolean" + }, + "KmsKeyArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::OpenSearchServerless::Collection.FipsEndpoints": { + "additionalProperties": false, + "properties": { + "CollectionEndpoint": { + "type": "string" + }, + "DashboardEndpoint": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::OpenSearchServerless::Collection.VectorOptions": { + "additionalProperties": false, + "properties": { + "ServerlessVectorAcceleration": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::OpenSearchServerless::CollectionGroup": { "additionalProperties": false, "properties": { "Condition": { @@ -225597,49 +232149,34 @@ "Properties": { "additionalProperties": false, "properties": { - "CollectionGroupName": { - "type": "string" + "CapacityLimits": { + "$ref": "#/definitions/AWS::OpenSearchServerless::CollectionGroup.CapacityLimits" }, "Description": { - "markdownDescription": "A description of the collection.", - "title": "Description", "type": "string" }, - "EncryptionConfig": { - "$ref": "#/definitions/AWS::OpenSearchServerless::Collection.EncryptionConfig" - }, "Name": { - "markdownDescription": "The name of the collection.\n\nCollection names must meet the following criteria:\n\n- Starts with a lowercase letter\n- Unique to your account and AWS Region\n- Contains between 3 and 28 characters\n- Contains only lowercase letters a-z, the numbers 0-9, and the hyphen (-)", - "title": "Name", "type": "string" }, "StandbyReplicas": { - "markdownDescription": "Indicates whether to use standby replicas for the collection. You can't update this property after the collection is already created. If you attempt to modify this property, the collection continues to use the original value.", - "title": "StandbyReplicas", "type": "string" }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An arbitrary set of tags (key\u2013value pairs) to associate with the collection.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", - "title": "Tags", "type": "array" - }, - "Type": { - "markdownDescription": "The type of collection. Possible values are `SEARCH` , `TIMESERIES` , and `VECTORSEARCH` . For more information, see [Choosing a collection type](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-overview.html#serverless-usecase) .", - "title": "Type", - "type": "string" } }, "required": [ - "Name" + "Name", + "StandbyReplicas" ], "type": "object" }, "Type": { "enum": [ - "AWS::OpenSearchServerless::Collection" + "AWS::OpenSearchServerless::CollectionGroup" ], "type": "string" }, @@ -225658,14 +232195,20 @@ ], "type": "object" }, - "AWS::OpenSearchServerless::Collection.EncryptionConfig": { + "AWS::OpenSearchServerless::CollectionGroup.CapacityLimits": { "additionalProperties": false, "properties": { - "AWSOwnedKey": { - "type": "boolean" + "MaxIndexingCapacityInOcu": { + "type": "number" }, - "KmsKeyArn": { - "type": "string" + "MaxSearchCapacityInOcu": { + "type": "number" + }, + "MinIndexingCapacityInOcu": { + "type": "number" + }, + "MinSearchCapacityInOcu": { + "type": "number" } }, "type": "object" @@ -226388,6 +232931,9 @@ "markdownDescription": "Settings container for integrating IAM Identity Center with OpenSearch UI applications, which enables enabling secure user authentication and access control across multiple data sources. This setup supports single sign-on (SSO) through IAM Identity Center, allowing centralized user management.", "title": "IamIdentityCenterOptions" }, + "KmsKeyArn": { + "type": "string" + }, "Name": { "markdownDescription": "The name of an OpenSearch application.", "title": "Name", @@ -226559,6 +233105,9 @@ "markdownDescription": "Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.", "title": "CognitoOptions" }, + "DeploymentStrategyOptions": { + "$ref": "#/definitions/AWS::OpenSearchService::Domain.DeploymentStrategyOptions" + }, "DomainEndpointOptions": { "$ref": "#/definitions/AWS::OpenSearchService::Domain.DomainEndpointOptions", "markdownDescription": "Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.", @@ -226837,6 +233386,15 @@ }, "type": "object" }, + "AWS::OpenSearchService::Domain.DeploymentStrategyOptions": { + "additionalProperties": false, + "properties": { + "DeploymentStrategy": { + "type": "string" + } + }, + "type": "object" + }, "AWS::OpenSearchService::Domain.DomainEndpointOptions": { "additionalProperties": false, "properties": { @@ -230721,6 +237279,9 @@ }, "title": "Tags", "type": "object" + }, + "VpcEndpointId": { + "type": "string" } }, "required": [ @@ -230943,6 +237504,22 @@ ], "type": "object" }, + "AWS::PCS::Cluster.CgroupCustomSetting": { + "additionalProperties": false, + "properties": { + "ParameterName": { + "type": "string" + }, + "ParameterValue": { + "type": "string" + } + }, + "required": [ + "ParameterName", + "ParameterValue" + ], + "type": "object" + }, "AWS::PCS::Cluster.Endpoint": { "additionalProperties": false, "properties": { @@ -231086,6 +237663,12 @@ "markdownDescription": "The shared Slurm key for authentication, also known as the *cluster secret* .", "title": "AuthKey" }, + "CgroupCustomSettings": { + "items": { + "$ref": "#/definitions/AWS::PCS::Cluster.CgroupCustomSetting" + }, + "type": "array" + }, "JwtAuth": { "$ref": "#/definitions/AWS::PCS::Cluster.JwtAuth", "markdownDescription": "The JWT authentication configuration for Slurm REST API access.", @@ -231108,6 +237691,12 @@ "$ref": "#/definitions/AWS::PCS::Cluster.SlurmRest", "markdownDescription": "The Slurm REST API configuration for the cluster.", "title": "SlurmRest" + }, + "SlurmdbdCustomSettings": { + "items": { + "$ref": "#/definitions/AWS::PCS::Cluster.SlurmdbdCustomSetting" + }, + "type": "array" } }, "type": "object" @@ -231146,6 +237735,22 @@ ], "type": "object" }, + "AWS::PCS::Cluster.SlurmdbdCustomSetting": { + "additionalProperties": false, + "properties": { + "ParameterName": { + "type": "string" + }, + "ParameterValue": { + "type": "string" + } + }, + "required": [ + "ParameterName", + "ParameterValue" + ], + "type": "object" + }, "AWS::PCS::ComputeNodeGroup": { "additionalProperties": false, "properties": { @@ -251331,7 +257936,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -254945,17 +261550,89 @@ "title": "AddOrRunAnomalyDetectionForAnalyses", "type": "string" }, + "AmazonBedrockARSAction": { + "type": "string" + }, + "AmazonBedrockFSAction": { + "type": "string" + }, + "AmazonBedrockKRSAction": { + "type": "string" + }, + "AmazonSThreeAction": { + "type": "string" + }, "Analysis": { "markdownDescription": "The ability to perform analysis-related actions.", "title": "Analysis", "type": "string" }, + "ApproveFlowShareRequests": { + "type": "string" + }, + "AsanaAction": { + "type": "string" + }, "Automate": { "type": "string" }, + "BambooHRAction": { + "type": "string" + }, + "BoxAgentAction": { + "type": "string" + }, + "BuildCalculatedFieldWithQ": { + "type": "string" + }, + "CanvaAgentAction": { + "type": "string" + }, "ChatAgent": { "type": "string" }, + "ComprehendAction": { + "type": "string" + }, + "ComprehendMedicalAction": { + "type": "string" + }, + "ConfluenceAction": { + "type": "string" + }, + "CreateAndUpdateAmazonBedrockARSAction": { + "type": "string" + }, + "CreateAndUpdateAmazonBedrockFSAction": { + "type": "string" + }, + "CreateAndUpdateAmazonBedrockKRSAction": { + "type": "string" + }, + "CreateAndUpdateAmazonSThreeAction": { + "type": "string" + }, + "CreateAndUpdateAsanaAction": { + "type": "string" + }, + "CreateAndUpdateBambooHRAction": { + "type": "string" + }, + "CreateAndUpdateBoxAgentAction": { + "type": "string" + }, + "CreateAndUpdateCanvaAgentAction": { + "type": "string" + }, + "CreateAndUpdateComprehendAction": { + "type": "string" + }, + "CreateAndUpdateComprehendMedicalAction": { + "type": "string" + }, + "CreateAndUpdateConfluenceAction": { + "type": "string" + }, "CreateAndUpdateDashboardEmailReports": { "markdownDescription": "The ability to create and update email reports.", "title": "CreateAndUpdateDashboardEmailReports", @@ -254971,6 +261648,102 @@ "title": "CreateAndUpdateDatasets", "type": "string" }, + "CreateAndUpdateFactSetAction": { + "type": "string" + }, + "CreateAndUpdateGenericHTTPAction": { + "type": "string" + }, + "CreateAndUpdateGithubAction": { + "type": "string" + }, + "CreateAndUpdateGoogleCalendarAction": { + "type": "string" + }, + "CreateAndUpdateHubspotAction": { + "type": "string" + }, + "CreateAndUpdateHuggingFaceAction": { + "type": "string" + }, + "CreateAndUpdateIntercomAction": { + "type": "string" + }, + "CreateAndUpdateJiraAction": { + "type": "string" + }, + "CreateAndUpdateKnowledgeBases": { + "type": "string" + }, + "CreateAndUpdateLinearAction": { + "type": "string" + }, + "CreateAndUpdateMCPAction": { + "type": "string" + }, + "CreateAndUpdateMSExchangeAction": { + "type": "string" + }, + "CreateAndUpdateMSTeamsAction": { + "type": "string" + }, + "CreateAndUpdateMondayAction": { + "type": "string" + }, + "CreateAndUpdateNewRelicAction": { + "type": "string" + }, + "CreateAndUpdateNotionAction": { + "type": "string" + }, + "CreateAndUpdateOneDriveAction": { + "type": "string" + }, + "CreateAndUpdateOpenAPIAction": { + "type": "string" + }, + "CreateAndUpdatePagerDutyAction": { + "type": "string" + }, + "CreateAndUpdateSAPBillOfMaterialAction": { + "type": "string" + }, + "CreateAndUpdateSAPBusinessPartnerAction": { + "type": "string" + }, + "CreateAndUpdateSAPMaterialStockAction": { + "type": "string" + }, + "CreateAndUpdateSAPPhysicalInventoryAction": { + "type": "string" + }, + "CreateAndUpdateSAPProductMasterDataAction": { + "type": "string" + }, + "CreateAndUpdateSalesforceAction": { + "type": "string" + }, + "CreateAndUpdateSandPGMIAction": { + "type": "string" + }, + "CreateAndUpdateSandPGlobalEnergyAction": { + "type": "string" + }, + "CreateAndUpdateServiceNowAction": { + "type": "string" + }, + "CreateAndUpdateSharePointAction": { + "type": "string" + }, + "CreateAndUpdateSlackAction": { + "type": "string" + }, + "CreateAndUpdateSmartsheetAction": { + "type": "string" + }, + "CreateAndUpdateTextractAction": { + "type": "string" + }, "CreateAndUpdateThemes": { "markdownDescription": "The ability to export to Create and Update themes.", "title": "CreateAndUpdateThemes", @@ -254981,9 +261754,15 @@ "title": "CreateAndUpdateThresholdAlerts", "type": "string" }, + "CreateAndUpdateZendeskAction": { + "type": "string" + }, "CreateChatAgents": { "type": "string" }, + "CreateDashboardExecutiveSummaryWithQ": { + "type": "string" + }, "CreateSPICEDataset": { "markdownDescription": "The ability to create a SPICE dataset.", "title": "CreateSPICEDataset", @@ -254999,6 +261778,9 @@ "title": "Dashboard", "type": "string" }, + "EditVisualWithQ": { + "type": "string" + }, "ExportToCsv": { "markdownDescription": "The ability to export to CSV files from the UI.", "title": "ExportToCsv", @@ -255029,17 +261811,77 @@ "title": "ExportToPdfInScheduledReports", "type": "string" }, + "Extension": { + "type": "string" + }, + "FactSetAction": { + "type": "string" + }, "Flow": { "type": "string" }, + "GenericHTTPAction": { + "type": "string" + }, + "GithubAction": { + "type": "string" + }, + "GoogleCalendarAction": { + "type": "string" + }, + "HubspotAction": { + "type": "string" + }, + "HuggingFaceAction": { + "type": "string" + }, "IncludeContentInScheduledReportsEmail": { "markdownDescription": "The ability to include content in scheduled email reports.", "title": "IncludeContentInScheduledReportsEmail", "type": "string" }, + "IntercomAction": { + "type": "string" + }, + "JiraAction": { + "type": "string" + }, "KnowledgeBase": { "type": "string" }, + "LinearAction": { + "type": "string" + }, + "MCPAction": { + "type": "string" + }, + "MSExchangeAction": { + "type": "string" + }, + "MSTeamsAction": { + "type": "string" + }, + "ManageSharedFolders": { + "type": "string" + }, + "MondayAction": { + "type": "string" + }, + "NewRelicAction": { + "type": "string" + }, + "NotionAction": { + "type": "string" + }, + "OneDriveAction": { + "type": "string" + }, + "OpenAPIAction": { + "type": "string" + }, + "PagerDutyAction": { + "type": "string" + }, "PerformFlowUiTask": { "type": "string" }, @@ -255059,11 +261901,71 @@ "Research": { "type": "string" }, + "SAPBillOfMaterialAction": { + "type": "string" + }, + "SAPBusinessPartnerAction": { + "type": "string" + }, + "SAPMaterialStockAction": { + "type": "string" + }, + "SAPPhysicalInventoryAction": { + "type": "string" + }, + "SAPProductMasterDataAction": { + "type": "string" + }, + "SalesforceAction": { + "type": "string" + }, + "SandPGMIAction": { + "type": "string" + }, + "SandPGlobalEnergyAction": { + "type": "string" + }, + "ServiceNowAction": { + "type": "string" + }, + "ShareAmazonBedrockARSAction": { + "type": "string" + }, + "ShareAmazonBedrockFSAction": { + "type": "string" + }, + "ShareAmazonBedrockKRSAction": { + "type": "string" + }, + "ShareAmazonSThreeAction": { + "type": "string" + }, "ShareAnalyses": { "markdownDescription": "The ability to share analyses.", "title": "ShareAnalyses", "type": "string" }, + "ShareAsanaAction": { + "type": "string" + }, + "ShareBambooHRAction": { + "type": "string" + }, + "ShareBoxAgentAction": { + "type": "string" + }, + "ShareCanvaAgentAction": { + "type": "string" + }, + "ShareComprehendAction": { + "type": "string" + }, + "ShareComprehendMedicalAction": { + "type": "string" + }, + "ShareConfluenceAction": { + "type": "string" + }, "ShareDashboards": { "markdownDescription": "The ability to share dashboards.", "title": "ShareDashboards", @@ -255079,6 +261981,114 @@ "title": "ShareDatasets", "type": "string" }, + "ShareFactSetAction": { + "type": "string" + }, + "ShareGenericHTTPAction": { + "type": "string" + }, + "ShareGithubAction": { + "type": "string" + }, + "ShareGoogleCalendarAction": { + "type": "string" + }, + "ShareHubspotAction": { + "type": "string" + }, + "ShareHuggingFaceAction": { + "type": "string" + }, + "ShareIntercomAction": { + "type": "string" + }, + "ShareJiraAction": { + "type": "string" + }, + "ShareKnowledgeBases": { + "type": "string" + }, + "ShareLinearAction": { + "type": "string" + }, + "ShareMCPAction": { + "type": "string" + }, + "ShareMSExchangeAction": { + "type": "string" + }, + "ShareMSTeamsAction": { + "type": "string" + }, + "ShareMondayAction": { + "type": "string" + }, + "ShareNewRelicAction": { + "type": "string" + }, + "ShareNotionAction": { + "type": "string" + }, + "ShareOneDriveAction": { + "type": "string" + }, + "ShareOpenAPIAction": { + "type": "string" + }, + "SharePagerDutyAction": { + "type": "string" + }, + "SharePointAction": { + "type": "string" + }, + "ShareSAPBillOfMaterialAction": { + "type": "string" + }, + "ShareSAPBusinessPartnerAction": { + "type": "string" + }, + "ShareSAPMaterialStockAction": { + "type": "string" + }, + "ShareSAPPhysicalInventoryAction": { + "type": "string" + }, + "ShareSAPProductMasterDataAction": { + "type": "string" + }, + "ShareSalesforceAction": { + "type": "string" + }, + "ShareSandPGMIAction": { + "type": "string" + }, + "ShareSandPGlobalEnergyAction": { + "type": "string" + }, + "ShareServiceNowAction": { + "type": "string" + }, + "ShareSharePointAction": { + "type": "string" + }, + "ShareSlackAction": { + "type": "string" + }, + "ShareSmartsheetAction": { + "type": "string" + }, + "ShareTextractAction": { + "type": "string" + }, + "ShareZendeskAction": { + "type": "string" + }, + "SlackAction": { + "type": "string" + }, + "SmartsheetAction": { + "type": "string" + }, "Space": { "type": "string" }, @@ -255087,16 +262097,154 @@ "title": "SubscribeDashboardEmailReports", "type": "string" }, + "TextractAction": { + "type": "string" + }, + "Topic": { + "type": "string" + }, "UseAgentWebSearch": { "type": "string" }, + "UseAmazonBedrockARSAction": { + "type": "string" + }, + "UseAmazonBedrockFSAction": { + "type": "string" + }, + "UseAmazonBedrockKRSAction": { + "type": "string" + }, + "UseAmazonSThreeAction": { + "type": "string" + }, + "UseAsanaAction": { + "type": "string" + }, + "UseBambooHRAction": { + "type": "string" + }, "UseBedrockModels": { "type": "string" }, + "UseBoxAgentAction": { + "type": "string" + }, + "UseCanvaAgentAction": { + "type": "string" + }, + "UseComprehendAction": { + "type": "string" + }, + "UseComprehendMedicalAction": { + "type": "string" + }, + "UseConfluenceAction": { + "type": "string" + }, + "UseFactSetAction": { + "type": "string" + }, + "UseGenericHTTPAction": { + "type": "string" + }, + "UseGithubAction": { + "type": "string" + }, + "UseGoogleCalendarAction": { + "type": "string" + }, + "UseHubspotAction": { + "type": "string" + }, + "UseHuggingFaceAction": { + "type": "string" + }, + "UseIntercomAction": { + "type": "string" + }, + "UseJiraAction": { + "type": "string" + }, + "UseLinearAction": { + "type": "string" + }, + "UseMCPAction": { + "type": "string" + }, + "UseMSExchangeAction": { + "type": "string" + }, + "UseMSTeamsAction": { + "type": "string" + }, + "UseMondayAction": { + "type": "string" + }, + "UseNewRelicAction": { + "type": "string" + }, + "UseNotionAction": { + "type": "string" + }, + "UseOneDriveAction": { + "type": "string" + }, + "UseOpenAPIAction": { + "type": "string" + }, + "UsePagerDutyAction": { + "type": "string" + }, + "UseSAPBillOfMaterialAction": { + "type": "string" + }, + "UseSAPBusinessPartnerAction": { + "type": "string" + }, + "UseSAPMaterialStockAction": { + "type": "string" + }, + "UseSAPPhysicalInventoryAction": { + "type": "string" + }, + "UseSAPProductMasterDataAction": { + "type": "string" + }, + "UseSalesforceAction": { + "type": "string" + }, + "UseSandPGMIAction": { + "type": "string" + }, + "UseSandPGlobalEnergyAction": { + "type": "string" + }, + "UseServiceNowAction": { + "type": "string" + }, + "UseSharePointAction": { + "type": "string" + }, + "UseSlackAction": { + "type": "string" + }, + "UseSmartsheetAction": { + "type": "string" + }, + "UseTextractAction": { + "type": "string" + }, + "UseZendeskAction": { + "type": "string" + }, "ViewAccountSPICECapacity": { "markdownDescription": "The ability to view account SPICE capacity.", "title": "ViewAccountSPICECapacity", "type": "string" + }, + "ZendeskAction": { + "type": "string" } }, "type": "object" @@ -266106,7 +273254,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -270066,7 +277214,7 @@ "items": { "type": "string" }, - "markdownDescription": "An array of Amazon Resource Names (ARNs) for Quick Suite users or groups.", + "markdownDescription": "An array of Amazon Resource Names (ARNs) for Quick users or groups.", "title": "Principals", "type": "array" } @@ -271425,7 +278573,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -272302,6 +279450,9 @@ "markdownDescription": "The parameters for S3.", "title": "S3Parameters" }, + "S3TablesParameters": { + "$ref": "#/definitions/AWS::QuickSight::DataSource.S3TablesParameters" + }, "SnowflakeParameters": { "$ref": "#/definitions/AWS::QuickSight::DataSource.SnowflakeParameters", "markdownDescription": "The parameters for Snowflake.", @@ -272684,7 +279835,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" }, @@ -272719,6 +279870,15 @@ ], "type": "object" }, + "AWS::QuickSight::DataSource.S3TablesParameters": { + "additionalProperties": false, + "properties": { + "TableBucketArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::QuickSight::DataSource.SnowflakeParameters": { "additionalProperties": false, "properties": { @@ -273149,7 +280309,7 @@ "additionalProperties": false, "properties": { "RefreshType": { - "markdownDescription": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *Quick Suite User Guide* .", + "markdownDescription": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *Quick User Guide* .", "title": "RefreshType", "type": "string" }, @@ -282932,7 +290092,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -286734,7 +293894,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -296730,7 +303890,13 @@ "type": "string" }, "Tags": { + "additionalProperties": true, "markdownDescription": "The list of all tags added to the fleet.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, "title": "Tags", "type": "object" } @@ -296813,7 +303979,13 @@ "type": "string" }, "Tags": { + "additionalProperties": true, "markdownDescription": "A map that contains tag keys and tag values that are attached to the robot.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, "title": "Tags", "type": "object" } @@ -296885,6 +304057,11 @@ "title": "CurrentRevisionId", "type": "string" }, + "Environment": { + "markdownDescription": "The environment of the robot application.", + "title": "Environment", + "type": "string" + }, "Name": { "markdownDescription": "The name of the robot application.", "title": "Name", @@ -296904,14 +304081,19 @@ "type": "array" }, "Tags": { + "additionalProperties": true, "markdownDescription": "A map that contains tag keys and tag values that are attached to the robot application.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, "title": "Tags", "type": "object" } }, "required": [ - "RobotSoftwareSuite", - "Sources" + "RobotSoftwareSuite" ], "type": "object" }, @@ -296951,8 +304133,7 @@ } }, "required": [ - "Name", - "Version" + "Name" ], "type": "object" }, @@ -297094,6 +304275,11 @@ "title": "CurrentRevisionId", "type": "string" }, + "Environment": { + "markdownDescription": "The environment of the simulation application.", + "title": "Environment", + "type": "string" + }, "Name": { "markdownDescription": "The name of the simulation application.", "title": "Name", @@ -297123,16 +304309,20 @@ "type": "array" }, "Tags": { + "additionalProperties": true, "markdownDescription": "A map that contains tag keys and tag values that are attached to the simulation application.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, "title": "Tags", "type": "object" } }, "required": [ - "RenderingEngine", "RobotSoftwareSuite", - "SimulationSoftwareSuite", - "Sources" + "SimulationSoftwareSuite" ], "type": "object" }, @@ -297192,8 +304382,7 @@ } }, "required": [ - "Name", - "Version" + "Name" ], "type": "object" }, @@ -297212,8 +304401,7 @@ } }, "required": [ - "Name", - "Version" + "Name" ], "type": "object" }, @@ -298661,35 +305849,783 @@ "Properties": { "additionalProperties": false, "properties": { - "Comment": { - "markdownDescription": "*Optional:* Any comments you want to include about a change batch request.", - "title": "Comment", + "Comment": { + "markdownDescription": "*Optional:* Any comments you want to include about a change batch request.", + "title": "Comment", + "type": "string" + }, + "HostedZoneId": { + "markdownDescription": "The ID of the hosted zone that you want to create records in.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", + "title": "HostedZoneId", + "type": "string" + }, + "HostedZoneName": { + "markdownDescription": "The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.` ) as part of the `HostedZoneName` .\n\nWhen you create a stack using an `AWS::Route53::RecordSet` that specifies `HostedZoneName` , AWS CloudFormation attempts to find a hosted zone whose name matches the `HostedZoneName` . If AWS CloudFormation can't find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", + "title": "HostedZoneName", + "type": "string" + }, + "RecordSets": { + "items": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.RecordSet" + }, + "markdownDescription": "A complex type that contains one `RecordSet` element for each record that you want to create.", + "title": "RecordSets", + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53::RecordSetGroup" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::Route53::RecordSetGroup.AliasTarget": { + "additionalProperties": false, + "properties": { + "DNSName": { + "markdownDescription": "*Alias records only:* The value that you specify depends on where you want to route queries:\n\n- **Amazon API Gateway custom regional APIs and edge-optimized APIs** - Specify the applicable domain name for your API. You can get the applicable value using the AWS CLI command [get-domain-names](https://docs.aws.amazon.com/cli/latest/reference/apigateway/get-domain-names.html) :\n\n- For regional APIs, specify the value of `regionalDomainName` .\n- For edge-optimized APIs, specify the value of `distributionDomainName` . This is the name of the associated CloudFront distribution, such as `da1b2c3d4e5.cloudfront.net` .\n\n> The name of the record that you're creating must match a custom domain name for your API, such as `api.example.com` .\n- **Amazon Virtual Private Cloud interface VPC endpoint** - Enter the API endpoint for the interface endpoint, such as `vpce-123456789abcdef01-example-us-east-1a.elasticloadbalancing.us-east-1.vpce.amazonaws.com` . For edge-optimized APIs, this is the domain name for the corresponding CloudFront distribution. You can get the value of `DnsName` using the AWS CLI command [describe-vpc-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html) .\n- **CloudFront distribution** - Specify the domain name that CloudFront assigned when you created your distribution.\n\nYour CloudFront distribution must include an alternate domain name that matches the name of the record. For example, if the name of the record is *acme.example.com* , your CloudFront distribution must include *acme.example.com* as one of the alternate domain names. For more information, see [Using Alternate Domain Names (CNAMEs)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html) in the *Amazon CloudFront Developer Guide* .\n\nYou can't create a record in a private hosted zone to route traffic to a CloudFront distribution.\n\n> For failover alias records, you can't specify a CloudFront distribution for both the primary and secondary records. A distribution must include an alternate domain name that matches the name of the record. However, the primary and secondary records have the same name, and you can't include the same alternate domain name in more than one distribution.\n- **Elastic Beanstalk environment** - If the domain name for your Elastic Beanstalk environment includes the region that you deployed the environment in, you can create an alias record that routes traffic to the environment. For example, the domain name `my-environment. *us-west-2* .elasticbeanstalk.com` is a regionalized domain name.\n\n> For environments that were created before early 2016, the domain name doesn't include the region. To route traffic to these environments, you must create a CNAME record instead of an alias record. Note that you can't create a CNAME record for the root domain name. For example, if your domain name is example.com, you can create a record that routes traffic for acme.example.com to your Elastic Beanstalk environment, but you can't create a record that routes traffic for example.com to your Elastic Beanstalk environment. \n\nFor Elastic Beanstalk environments that have regionalized subdomains, specify the `CNAME` attribute for the environment. You can use the following methods to get the value of the CNAME attribute:\n\n- *AWS Management Console* : For information about how to get the value by using the console, see [Using Custom Domains with AWS Elastic Beanstalk](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html) in the *AWS Elastic Beanstalk Developer Guide* .\n- *Elastic Beanstalk API* : Use the `DescribeEnvironments` action to get the value of the `CNAME` attribute. For more information, see [DescribeEnvironments](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html) in the *AWS Elastic Beanstalk API Reference* .\n- *AWS CLI* : Use the `describe-environments` command to get the value of the `CNAME` attribute. For more information, see [describe-environments](https://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html) in the *AWS CLI* .\n- **ELB load balancer** - Specify the DNS name that is associated with the load balancer. Get the DNS name by using the AWS Management Console , the ELB API, or the AWS CLI .\n\n- *AWS Management Console* : Go to the EC2 page, choose *Load Balancers* in the navigation pane, choose the load balancer, choose the *Description* tab, and get the value of the *DNS name* field.\n\nIf you're routing traffic to a Classic Load Balancer, get the value that begins with *dualstack* . If you're routing traffic to another type of load balancer, get the value that applies to the record type, A or AAAA.\n- *Elastic Load Balancing API* : Use `DescribeLoadBalancers` to get the value of `DNSName` . For more information, see the applicable guide:\n\n- Classic Load Balancers: [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html)\n- Application and Network Load Balancers: [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html)\n- *CloudFormation Fn::GetAtt intrinsic function* : Use the [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) intrinsic function to get the value of `DNSName` :\n\n- [Classic Load Balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html#aws-properties-ec2-elb-return-values) .\n- [Application and Network Load Balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#aws-resource-elasticloadbalancingv2-loadbalancer-return-values) .\n- *AWS CLI* : Use `describe-load-balancers` to get the value of `DNSName` . For more information, see the applicable guide:\n\n- Classic Load Balancers: [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html)\n- Application and Network Load Balancers: [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html)\n- **Global Accelerator accelerator** - Specify the DNS name for your accelerator:\n\n- *Global Accelerator API* : To get the DNS name, use [DescribeAccelerator](https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeAccelerator.html) .\n- *AWS CLI* : To get the DNS name, use [describe-accelerator](https://docs.aws.amazon.com/cli/latest/reference/globalaccelerator/describe-accelerator.html) .\n- **Amazon S3 bucket that is configured as a static website** - Specify the domain name of the Amazon S3 website endpoint that you created the bucket in, for example, `s3-website.us-east-2.amazonaws.com` . For more information about valid values, see the table [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints) in the *Amazon Web Services General Reference* . For more information about using S3 buckets for websites, see [Getting Started with Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/getting-started.html) in the *Amazon Route 53 Developer Guide.*\n- **Another Route 53 record** - Specify the value of the `Name` element for a record in the current hosted zone.\n\n> If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't specify the domain name for a record for which the value of `Type` is `CNAME` . This is because the alias record must have the same type as the record that you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.", + "title": "DNSName", + "type": "string" + }, + "EvaluateTargetHealth": { + "markdownDescription": "*Applies only to alias records with any routing policy:* When `EvaluateTargetHealth` is `true` , an alias record inherits the health of the referenced AWS resource, such as an ELB load balancer or another record in the hosted zone.\n\nNote the following:\n\n- **CloudFront distributions** - You can't set `EvaluateTargetHealth` to `true` when the alias target is a CloudFront distribution.\n- **Elastic Beanstalk environments that have regionalized subdomains** - If you specify an Elastic Beanstalk environment in `DNSName` and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set `EvaluateTargetHealth` to `true` and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.\n\nIf the environment contains a single Amazon EC2 instance, there are no special requirements.\n- **ELB load balancers** - Health checking behavior depends on the type of load balancer:\n\n- *Classic Load Balancers* : If you specify an ELB Classic Load Balancer in `DNSName` , Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set `EvaluateTargetHealth` to `true` and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.\n- *Application and Network Load Balancers* : If you specify an ELB Application or Network Load Balancer and you set `EvaluateTargetHealth` to `true` , Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:\n\n- For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.\n- A target group that has no registered targets is considered unhealthy.\n\n> When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.\n- **S3 buckets** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an S3 bucket.\n- **Other records in the same hosted zone** - If the AWS resource that you specify in `DNSName` is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see [What Happens When You Omit Health Checks?](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting) in the *Amazon Route 53 Developer Guide* .\n\nFor more information and examples, see [Amazon Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) in the *Amazon Route 53 Developer Guide* .", + "title": "EvaluateTargetHealth", + "type": "boolean" + }, + "HostedZoneId": { + "markdownDescription": "*Alias resource records sets only* : The value used depends on where you want to route traffic:\n\n- **Amazon API Gateway custom regional APIs and edge-optimized APIs** - Specify the hosted zone ID for your API. You can get the applicable value using the AWS CLI command [get-domain-names](https://docs.aws.amazon.com/cli/latest/reference/apigateway/get-domain-names.html) :\n\n- For regional APIs, specify the value of `regionalHostedZoneId` .\n- For edge-optimized APIs, specify the value of `distributionHostedZoneId` .\n- **Amazon Virtual Private Cloud interface VPC endpoint** - Specify the hosted zone ID for your interface endpoint. You can get the value of `HostedZoneId` using the AWS CLI command [describe-vpc-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html) .\n- **CloudFront distribution** - Specify `Z2FDTNDATAQYW2` . This is always the hosted zone ID when you create an alias record that routes traffic to a CloudFront distribution.\n\n> Alias records for CloudFront can't be created in a private zone.\n- **Elastic Beanstalk environment** - Specify the hosted zone ID for the region that you created the environment in. The environment must have a regionalized subdomain. For a list of regions and the corresponding hosted zone IDs, see [AWS Elastic Beanstalk endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html) in the *Amazon Web Services General Reference* .\n- **ELB load balancer** - Specify the value of the hosted zone ID for the load balancer. Use the following methods to get the hosted zone ID:\n\n- [Service Endpoints](https://docs.aws.amazon.com/general/latest/gr/elb.html) table in the \"Elastic Load Balancing endpoints and quotas\" topic in the *Amazon Web Services General Reference* : Use the value that corresponds with the region that you created your load balancer in. Note that there are separate columns for Application and Classic Load Balancers and for Network Load Balancers.\n- *AWS Management Console* : Go to the Amazon EC2 page, choose *Load Balancers* in the navigation pane, select the load balancer, and get the value of the *Hosted zone* field on the *Description* tab.\n- *Elastic Load Balancing API* : Use `DescribeLoadBalancers` to get the applicable value. For more information, see the applicable guide:\n\n- Classic Load Balancers: Use [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html) to get the value of `CanonicalHostedZoneNameID` .\n- Application and Network Load Balancers: Use [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) to get the value of `CanonicalHostedZoneID` .\n- *CloudFormation Fn::GetAtt intrinsic function* : Use the [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) intrinsic function to get the applicable value:\n\n- Classic Load Balancers: Get [CanonicalHostedZoneNameID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html#aws-properties-ec2-elb-return-values) .\n- Application and Network Load Balancers: Get [CanonicalHostedZoneID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#aws-resource-elasticloadbalancingv2-loadbalancer-return-values) .\n- *AWS CLI* : Use `describe-load-balancers` to get the applicable value. For more information, see the applicable guide:\n\n- Classic Load Balancers: Use [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html) to get the value of `CanonicalHostedZoneNameID` .\n- Application and Network Load Balancers: Use [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html) to get the value of `CanonicalHostedZoneID` .\n- **Global Accelerator accelerator** - Specify `Z2BJ6XQ5FK7U4H` .\n- **An Amazon S3 bucket configured as a static website** - Specify the hosted zone ID for the region that you created the bucket in. For more information about valid values, see the table [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints) in the *Amazon Web Services General Reference* .\n- **Another Route 53 record in your hosted zone** - Specify the hosted zone ID of your hosted zone. (An alias record can't reference a record in a different hosted zone.)", + "title": "HostedZoneId", + "type": "string" + } + }, + "required": [ + "DNSName", + "HostedZoneId" + ], + "type": "object" + }, + "AWS::Route53::RecordSetGroup.CidrRoutingConfig": { + "additionalProperties": false, + "properties": { + "CollectionId": { + "markdownDescription": "The CIDR collection ID.", + "title": "CollectionId", + "type": "string" + }, + "LocationName": { + "markdownDescription": "The CIDR collection location name.", + "title": "LocationName", + "type": "string" + } + }, + "required": [ + "CollectionId", + "LocationName" + ], + "type": "object" + }, + "AWS::Route53::RecordSetGroup.Coordinates": { + "additionalProperties": false, + "properties": { + "Latitude": { + "markdownDescription": "Specifies a coordinate of the north\u2013south position of a geographic point on the surface of the Earth (-90 - 90).", + "title": "Latitude", + "type": "string" + }, + "Longitude": { + "markdownDescription": "Specifies a coordinate of the east\u2013west position of a geographic point on the surface of the Earth (-180 - 180).", + "title": "Longitude", + "type": "string" + } + }, + "required": [ + "Latitude", + "Longitude" + ], + "type": "object" + }, + "AWS::Route53::RecordSetGroup.GeoLocation": { + "additionalProperties": false, + "properties": { + "ContinentCode": { + "markdownDescription": "For geolocation resource record sets, a two-letter abbreviation that identifies a continent. Route 53 supports the following continent codes:\n\n- *AF* : Africa\n- *AN* : Antarctica\n- *AS* : Asia\n- *EU* : Europe\n- *OC* : Oceania\n- *NA* : North America\n- *SA* : South America\n\nConstraint: Specifying `ContinentCode` with either `CountryCode` or `SubdivisionCode` returns an `InvalidInput` error.", + "title": "ContinentCode", + "type": "string" + }, + "CountryCode": { + "markdownDescription": "For geolocation resource record sets, the two-letter code for a country.\n\nRoute 53 uses the two-letter country codes that are specified in [ISO standard 3166-1 alpha-2](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) .", + "title": "CountryCode", + "type": "string" + }, + "SubdivisionCode": { + "markdownDescription": "For geolocation resource record sets, the two-letter code for a state of the United States. Route 53 doesn't support any other values for `SubdivisionCode` . For a list of state abbreviations, see [Appendix B: Two\u2013Letter State and Possession Abbreviations](https://docs.aws.amazon.com/https://pe.usps.com/text/pub28/28apb.htm) on the United States Postal Service website.\n\nIf you specify `subdivisioncode` , you must also specify `US` for `CountryCode` .", + "title": "SubdivisionCode", + "type": "string" + } + }, + "type": "object" + }, + "AWS::Route53::RecordSetGroup.GeoProximityLocation": { + "additionalProperties": false, + "properties": { + "AWSRegion": { + "markdownDescription": "The AWS Region the resource you are directing DNS traffic to, is in.", + "title": "AWSRegion", + "type": "string" + }, + "Bias": { + "markdownDescription": "The bias increases or decreases the size of the geographic region from which Route\u00a053 routes traffic to a resource.\n\nTo use `Bias` to change the size of the geographic region, specify the applicable value for the bias:\n\n- To expand the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a positive integer from 1 to 99 for the bias. Route\u00a053 shrinks the size of adjacent regions.\n- To shrink the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a negative bias of -1 to -99. Route\u00a053 expands the size of adjacent regions.", + "title": "Bias", + "type": "number" + }, + "Coordinates": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.Coordinates", + "markdownDescription": "Contains the longitude and latitude for a geographic region.", + "title": "Coordinates" + }, + "LocalZoneGroup": { + "markdownDescription": "Specifies an AWS Local Zone Group.\n\nA local Zone Group is usually the Local Zone code without the ending character. For example, if the Local Zone is `us-east-1-bue-1a` the Local Zone Group is `us-east-1-bue-1` .\n\nYou can identify the Local Zones Group for a specific Local Zone by using the [describe-availability-zones](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-availability-zones.html) CLI command:\n\nThis command returns: `\"GroupName\": \"us-west-2-den-1\"` , specifying that the Local Zone `us-west-2-den-1a` belongs to the Local Zone Group `us-west-2-den-1` .", + "title": "LocalZoneGroup", + "type": "string" + } + }, + "type": "object" + }, + "AWS::Route53::RecordSetGroup.RecordSet": { + "additionalProperties": false, + "properties": { + "AliasTarget": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.AliasTarget", + "markdownDescription": "*Alias resource record sets only:* Information about the AWS resource, such as a CloudFront distribution or an Amazon S3 bucket, that you want to route traffic to.\n\nIf you're creating resource records sets for a private hosted zone, note the following:\n\n- You can't create an alias resource record set in a private hosted zone to route traffic to a CloudFront distribution.\n- For information about creating failover resource record sets in a private hosted zone, see [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html) in the *Amazon Route 53 Developer Guide* .", + "title": "AliasTarget" + }, + "CidrRoutingConfig": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.CidrRoutingConfig", + "markdownDescription": "", + "title": "CidrRoutingConfig" + }, + "Failover": { + "markdownDescription": "*Failover resource record sets only:* To configure failover, you add the `Failover` element to two resource record sets. For one resource record set, you specify `PRIMARY` as the value for `Failover` ; for the other resource record set, you specify `SECONDARY` . In addition, you include the `HealthCheckId` element and specify the health check that you want Amazon Route 53 to perform for each resource record set.\n\nExcept where noted, the following failover behaviors assume that you have included the `HealthCheckId` element in both resource record sets:\n\n- When the primary resource record set is healthy, Route 53 responds to DNS queries with the applicable value from the primary resource record set regardless of the health of the secondary resource record set.\n- When the primary resource record set is unhealthy and the secondary resource record set is healthy, Route 53 responds to DNS queries with the applicable value from the secondary resource record set.\n- When the secondary resource record set is unhealthy, Route 53 responds to DNS queries with the applicable value from the primary resource record set regardless of the health of the primary resource record set.\n- If you omit the `HealthCheckId` element for the secondary resource record set, and if the primary resource record set is unhealthy, Route 53 always responds to DNS queries with the applicable value from the secondary resource record set. This is true regardless of the health of the associated endpoint.\n\nYou can't create non-failover resource record sets that have the same values for the `Name` and `Type` elements as failover resource record sets.\n\nFor failover alias resource record sets, you must also include the `EvaluateTargetHealth` element and set the value to true.\n\nFor more information about configuring failover for Route 53, see the following topics in the *Amazon Route 53 Developer Guide* :\n\n- [Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)\n- [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)", + "title": "Failover", + "type": "string" + }, + "GeoLocation": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.GeoLocation", + "markdownDescription": "*Geolocation resource record sets only:* A complex type that lets you control how Amazon Route 53 responds to DNS queries based on the geographic origin of the query. For example, if you want all queries from Africa to be routed to a web server with an IP address of `192.0.2.111` , create a resource record set with a `Type` of `A` and a `ContinentCode` of `AF` .\n\nIf you create separate resource record sets for overlapping geographic regions (for example, one resource record set for a continent and one for a country on the same continent), priority goes to the smallest geographic region. This allows you to route most queries for a continent to one resource and to route queries for a country on that continent to a different resource.\n\nYou can't create two geolocation resource record sets that specify the same geographic location.\n\nThe value `*` in the `CountryCode` element matches all geographic locations that aren't specified in other geolocation resource record sets that have the same values for the `Name` and `Type` elements.\n\n> Geolocation works by mapping IP addresses to locations. However, some IP addresses aren't mapped to geographic locations, so even if you create geolocation resource record sets that cover all seven continents, Route 53 will receive some DNS queries from locations that it can't identify. We recommend that you create a resource record set for which the value of `CountryCode` is `*` . Two groups of queries are routed to the resource that you specify in this record: queries that come from locations for which you haven't created geolocation resource record sets and queries from IP addresses that aren't mapped to a location. If you don't create a `*` resource record set, Route 53 returns a \"no answer\" response for queries from those locations. \n\nYou can't create non-geolocation resource record sets that have the same values for the `Name` and `Type` elements as geolocation resource record sets.", + "title": "GeoLocation" + }, + "GeoProximityLocation": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.GeoProximityLocation", + "markdownDescription": "A complex type that contains information about a geographic location.", + "title": "GeoProximityLocation" + }, + "HealthCheckId": { + "markdownDescription": "If you want Amazon Route 53 to return this resource record set in response to a DNS query only when the status of a health check is healthy, include the `HealthCheckId` element and specify the ID of the applicable health check.\n\nRoute 53 determines whether a resource record set is healthy based on one of the following:\n\n- By periodically sending a request to the endpoint that is specified in the health check\n- By aggregating the status of a specified group of health checks (calculated health checks)\n- By determining the current state of a CloudWatch alarm (CloudWatch metric health checks)\n\n> Route 53 doesn't check the health of the endpoint that is specified in the resource record set, for example, the endpoint specified by the IP address in the `Value` element. When you add a `HealthCheckId` element to a resource record set, Route 53 checks the health of the endpoint that you specified in the health check. \n\nFor more information, see the following topics in the *Amazon Route 53 Developer Guide* :\n\n- [How Amazon Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html)\n- [Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)\n- [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)\n\n*When to Specify HealthCheckId*\n\nSpecifying a value for `HealthCheckId` is useful only when Route 53 is choosing between two or more resource record sets to respond to a DNS query, and you want Route 53 to base the choice in part on the status of a health check. Configuring health checks makes sense only in the following configurations:\n\n- *Non-alias resource record sets* : You're checking the health of a group of non-alias resource record sets that have the same routing policy, name, and type (such as multiple weighted records named www.example.com with a type of A) and you specify health check IDs for all the resource record sets.\n\nIf the health check status for a resource record set is healthy, Route 53 includes the record among the records that it responds to DNS queries with.\n\nIf the health check status for a resource record set is unhealthy, Route 53 stops responding to DNS queries using the value for that resource record set.\n\nIf the health check status for all resource record sets in the group is unhealthy, Route 53 considers all resource record sets in the group healthy and responds to DNS queries accordingly.\n- *Alias resource record sets* : You specify the following settings:\n\n- You set `EvaluateTargetHealth` to true for an alias resource record set in a group of resource record sets that have the same routing policy, name, and type (such as multiple weighted records named www.example.com with a type of A).\n- You configure the alias resource record set to route traffic to a non-alias resource record set in the same hosted zone.\n- You specify a health check ID for the non-alias resource record set.\n\nIf the health check status is healthy, Route 53 considers the alias resource record set to be healthy and includes the alias record among the records that it responds to DNS queries with.\n\nIf the health check status is unhealthy, Route 53 stops responding to DNS queries using the alias resource record set.\n\n> The alias resource record set can also route traffic to a *group* of non-alias resource record sets that have the same routing policy, name, and type. In that configuration, associate health checks with all of the resource record sets in the group of non-alias resource record sets.\n\n*Geolocation Routing*\n\nFor geolocation resource record sets, if an endpoint is unhealthy, Route 53 looks for a resource record set for the larger, associated geographic region. For example, suppose you have resource record sets for a state in the United States, for the entire United States, for North America, and a resource record set that has `*` for `CountryCode` is `*` , which applies to all locations. If the endpoint for the state resource record set is unhealthy, Route 53 checks for healthy resource record sets in the following order until it finds a resource record set for which the endpoint is healthy:\n\n- The United States\n- North America\n- The default resource record set\n\n*Specifying the Health Check Endpoint by Domain Name*\n\nIf your health checks specify the endpoint only by domain name, we recommend that you create a separate health check for each endpoint. For example, create a health check for each `HTTP` server that is serving content for `www.example.com` . For the value of `FullyQualifiedDomainName` , specify the domain name of the server (such as `us-east-2-www.example.com` ), not the name of the resource record sets ( `www.example.com` ).\n\n> Health check results will be unpredictable if you do the following:\n> \n> - Create a health check that has the same value for `FullyQualifiedDomainName` as the name of a resource record set.\n> - Associate that health check with the resource record set.", + "title": "HealthCheckId", + "type": "string" + }, + "HostedZoneId": { + "markdownDescription": "The ID of the hosted zone that you want to create records in.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .\n\nDo not provide the `HostedZoneId` if it is already defined in `AWS::Route53::RecordSetGroup` . The creation fails if `HostedZoneId` is defined in both.", + "title": "HostedZoneId", + "type": "string" + }, + "HostedZoneName": { + "markdownDescription": "The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.` ) as part of the `HostedZoneName` .\n\nWhen you create a stack using an `AWS::Route53::RecordSet` that specifies `HostedZoneName` , AWS CloudFormation attempts to find a hosted zone whose name matches the `HostedZoneName` . If AWS CloudFormation can't find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", + "title": "HostedZoneName", + "type": "string" + }, + "MultiValueAnswer": { + "markdownDescription": "*Multivalue answer resource record sets only* : To route traffic approximately randomly to multiple resources, such as web servers, create one multivalue answer record for each resource and specify `true` for `MultiValueAnswer` . Note the following:\n\n- If you associate a health check with a multivalue answer resource record set, Amazon Route 53 responds to DNS queries with the corresponding IP address only when the health check is healthy.\n- If you don't associate a health check with a multivalue answer record, Route 53 always considers the record to be healthy.\n- Route 53 responds to DNS queries with up to eight healthy records; if you have eight or fewer healthy records, Route 53 responds to all DNS queries with all the healthy records.\n- If you have more than eight healthy records, Route 53 responds to different DNS resolvers with different combinations of healthy records.\n- When all records are unhealthy, Route 53 responds to DNS queries with up to eight unhealthy records.\n- If a resource becomes unavailable after a resolver caches a response, client software typically tries another of the IP addresses in the response.\n\nYou can't create multivalue answer alias records.", + "title": "MultiValueAnswer", + "type": "boolean" + }, + "Name": { + "markdownDescription": "The name of the record that you want to create, update, or delete.\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", + "title": "Name", + "type": "string" + }, + "Region": { + "markdownDescription": "*Latency-based resource record sets only:* The Amazon EC2 Region where you created the resource that this resource record set refers to. The resource typically is an AWS resource, such as an EC2 instance or an ELB load balancer, and is referred to by an IP address or a DNS domain name, depending on the record type.\n\nWhen Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 Region. Route 53 then returns the value that is associated with the selected resource record set.\n\nNote the following:\n\n- You can only specify one `ResourceRecord` per latency resource record set.\n- You can only create one latency resource record set for each Amazon EC2 Region.\n- You aren't required to create latency resource record sets for all Amazon EC2 Regions. Route 53 will choose the region with the best latency from among the regions that you create latency resource record sets for.\n- You can't create non-latency resource record sets that have the same values for the `Name` and `Type` elements as latency resource record sets.", + "title": "Region", + "type": "string" + }, + "ResourceRecords": { + "items": { + "type": "string" + }, + "markdownDescription": "Information about the records that you want to create. Each record should be in the format appropriate for the record type specified by the `Type` property. For information about different record types and their record formats, see [Values That You Specify When You Create or Edit Amazon Route 53 Records](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html) in the *Amazon Route 53 Developer Guide* .", + "title": "ResourceRecords", + "type": "array" + }, + "SetIdentifier": { + "markdownDescription": "*Resource record sets that have a routing policy other than simple:* An identifier that differentiates among multiple resource record sets that have the same combination of name and type, such as multiple weighted resource record sets named acme.example.com that have a type of A. In a group of resource record sets that have the same name and type, the value of `SetIdentifier` must be unique for each resource record set.\n\nFor information about routing policies, see [Choosing a Routing Policy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) in the *Amazon Route 53 Developer Guide* .", + "title": "SetIdentifier", + "type": "string" + }, + "TTL": { + "markdownDescription": "The resource record cache time to live (TTL), in seconds. Note the following:\n\n- If you're creating or updating an alias resource record set, omit `TTL` . Amazon Route 53 uses the value of `TTL` for the alias target.\n- If you're associating this resource record set with a health check (if you're adding a `HealthCheckId` element), we recommend that you specify a `TTL` of 60 seconds or less so clients respond quickly to changes in health status.\n- All of the resource record sets in a group of weighted resource record sets must have the same value for `TTL` .\n- If a group of weighted resource record sets includes one or more weighted alias resource record sets for which the alias target is an ELB load balancer, we recommend that you specify a `TTL` of 60 seconds for all of the non-alias weighted resource record sets that have the same name and type. Values other than 60 seconds (the TTL for load balancers) will change the effect of the values that you specify for `Weight` .", + "title": "TTL", + "type": "string" + }, + "Type": { + "markdownDescription": "The DNS record type. For information about different record types and how data is encoded for them, see [Supported DNS Resource Record Types](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html) in the *Amazon Route 53 Developer Guide* .\n\nValid values for basic resource record sets: `A` | `AAAA` | `CAA` | `CNAME` | `DS` | `MX` | `NAPTR` | `NS` | `PTR` | `SOA` | `SPF` | `SRV` | `TXT` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS`\n\nValues for weighted, latency, geolocation, and failover resource record sets: `A` | `AAAA` | `CAA` | `CNAME` | `MX` | `NAPTR` | `PTR` | `SPF` | `SRV` | `TXT` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS` . When creating a group of weighted, latency, geolocation, or failover resource record sets, specify the same value for all of the resource record sets in the group.\n\nValid values for multivalue answer resource record sets: `A` | `AAAA` | `MX` | `NAPTR` | `PTR` | `SPF` | `SRV` | `TXT` | `CAA` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS`\n\n> SPF records were formerly used to verify the identity of the sender of email messages. However, we no longer recommend that you create resource record sets for which the value of `Type` is `SPF` . RFC 7208, *Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1* , has been updated to say, \"...[I]ts existence and mechanism defined in [RFC4408] have led to some interoperability issues. Accordingly, its use is no longer appropriate for SPF version 1; implementations are not to use it.\" In RFC 7208, see section 14.1, [The SPF DNS Record Type](https://docs.aws.amazon.com/http://tools.ietf.org/html/rfc7208#section-14.1) . \n\nValues for alias resource record sets:\n\n- *Amazon API Gateway custom regional APIs and edge-optimized APIs:* `A`\n- *CloudFront distributions:* `A`\n\nIf IPv6 is enabled for the distribution, create two resource record sets to route traffic to your distribution, one with a value of `A` and one with a value of `AAAA` .\n- *Amazon API Gateway environment that has a regionalized subdomain* : `A`\n- *ELB load balancers:* `A` | `AAAA`\n- *Amazon S3 buckets:* `A`\n- *Amazon Virtual Private Cloud interface VPC endpoints* `A`\n- *Another resource record set in this hosted zone:* Specify the type of the resource record set that you're creating the alias for. All values are supported except `NS` and `SOA` .\n\n> If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't route traffic to a record for which the value of `Type` is `CNAME` . This is because the alias record must have the same type as the record you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.", + "title": "Type", + "type": "string" + }, + "Weight": { + "markdownDescription": "*Weighted resource record sets only:* Among resource record sets that have the same combination of DNS name and type, a value that determines the proportion of DNS queries that Amazon Route 53 responds to using the current resource record set. Route 53 calculates the sum of the weights for the resource record sets that have the same combination of DNS name and type. Route 53 then responds to queries based on the ratio of a resource's weight to the total. Note the following:\n\n- You must specify a value for the `Weight` element for every weighted resource record set.\n- You can only specify one `ResourceRecord` per weighted resource record set.\n- You can't create latency, failover, or geolocation resource record sets that have the same values for the `Name` and `Type` elements as weighted resource record sets.\n- You can create a maximum of 100 weighted resource record sets that have the same values for the `Name` and `Type` elements.\n- For weighted (but not weighted alias) resource record sets, if you set `Weight` to `0` for a resource record set, Route 53 never responds to queries with the applicable value for that resource record set. However, if you set `Weight` to `0` for all resource record sets that have the same combination of DNS name and type, traffic is routed to all resources with equal probability.\n\nThe effect of setting `Weight` to `0` is different when you associate health checks with weighted resource record sets. For more information, see [Options for Configuring Route 53 Active-Active and Active-Passive Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html) in the *Amazon Route 53 Developer Guide* .", + "title": "Weight", + "type": "number" + } + }, + "required": [ + "Name", + "Type" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::AccessSource": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Cidr": { + "type": "string" + }, + "ClientToken": { + "type": "string" + }, + "DnsViewId": { + "type": "string" + }, + "IpAddressType": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Protocol": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Cidr", + "DnsViewId", + "Protocol" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53GlobalResolver::AccessSource" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::AccessToken": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ClientToken": { + "type": "string" + }, + "DnsViewId": { + "type": "string" + }, + "ExpiresAt": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "DnsViewId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53GlobalResolver::AccessToken" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::DnsView": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ClientToken": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "DnssecValidation": { + "type": "string" + }, + "EdnsClientSubnet": { + "type": "string" + }, + "FirewallRulesFailOpen": { + "type": "string" + }, + "GlobalResolverId": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "GlobalResolverId", + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53GlobalResolver::DnsView" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::FirewallDomainList": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ClientToken": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "DomainFileUrl": { + "type": "string" + }, + "Domains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "GlobalResolverId": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "GlobalResolverId", + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53GlobalResolver::FirewallDomainList" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::FirewallRule": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Action": { + "type": "string" + }, + "BlockOverrideDnsType": { + "type": "string" + }, + "BlockOverrideDomain": { + "type": "string" + }, + "BlockOverrideTtl": { + "type": "number" + }, + "BlockResponse": { + "type": "string" + }, + "ClientToken": { + "type": "string" + }, + "ConfidenceThreshold": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "DnsAdvancedProtection": { + "type": "string" + }, + "DnsViewId": { + "type": "string" + }, + "FirewallDomainListId": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Priority": { + "type": "number" + }, + "QType": { + "type": "string" + } + }, + "required": [ + "Action", + "DnsViewId", + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53GlobalResolver::FirewallRule" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::GlobalResolver": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ClientToken": { "type": "string" }, - "HostedZoneId": { - "markdownDescription": "The ID of the hosted zone that you want to create records in.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", - "title": "HostedZoneId", + "Description": { "type": "string" }, - "HostedZoneName": { - "markdownDescription": "The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.` ) as part of the `HostedZoneName` .\n\nWhen you create a stack using an `AWS::Route53::RecordSet` that specifies `HostedZoneName` , AWS CloudFormation attempts to find a hosted zone whose name matches the `HostedZoneName` . If AWS CloudFormation can't find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", - "title": "HostedZoneName", + "IpAddressType": { "type": "string" }, - "RecordSets": { + "Name": { + "type": "string" + }, + "ObservabilityRegion": { + "type": "string" + }, + "Regions": { "items": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.RecordSet" + "type": "string" + }, + "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" }, - "markdownDescription": "A complex type that contains one `RecordSet` element for each record that you want to create.", - "title": "RecordSets", "type": "array" } }, + "required": [ + "Name", + "Regions" + ], "type": "object" }, "Type": { "enum": [ - "AWS::Route53::RecordSetGroup" + "AWS::Route53GlobalResolver::GlobalResolver" ], "type": "string" }, @@ -298703,212 +306639,81 @@ } }, "required": [ - "Type" - ], - "type": "object" - }, - "AWS::Route53::RecordSetGroup.AliasTarget": { - "additionalProperties": false, - "properties": { - "DNSName": { - "markdownDescription": "*Alias records only:* The value that you specify depends on where you want to route queries:\n\n- **Amazon API Gateway custom regional APIs and edge-optimized APIs** - Specify the applicable domain name for your API. You can get the applicable value using the AWS CLI command [get-domain-names](https://docs.aws.amazon.com/cli/latest/reference/apigateway/get-domain-names.html) :\n\n- For regional APIs, specify the value of `regionalDomainName` .\n- For edge-optimized APIs, specify the value of `distributionDomainName` . This is the name of the associated CloudFront distribution, such as `da1b2c3d4e5.cloudfront.net` .\n\n> The name of the record that you're creating must match a custom domain name for your API, such as `api.example.com` .\n- **Amazon Virtual Private Cloud interface VPC endpoint** - Enter the API endpoint for the interface endpoint, such as `vpce-123456789abcdef01-example-us-east-1a.elasticloadbalancing.us-east-1.vpce.amazonaws.com` . For edge-optimized APIs, this is the domain name for the corresponding CloudFront distribution. You can get the value of `DnsName` using the AWS CLI command [describe-vpc-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html) .\n- **CloudFront distribution** - Specify the domain name that CloudFront assigned when you created your distribution.\n\nYour CloudFront distribution must include an alternate domain name that matches the name of the record. For example, if the name of the record is *acme.example.com* , your CloudFront distribution must include *acme.example.com* as one of the alternate domain names. For more information, see [Using Alternate Domain Names (CNAMEs)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html) in the *Amazon CloudFront Developer Guide* .\n\nYou can't create a record in a private hosted zone to route traffic to a CloudFront distribution.\n\n> For failover alias records, you can't specify a CloudFront distribution for both the primary and secondary records. A distribution must include an alternate domain name that matches the name of the record. However, the primary and secondary records have the same name, and you can't include the same alternate domain name in more than one distribution.\n- **Elastic Beanstalk environment** - If the domain name for your Elastic Beanstalk environment includes the region that you deployed the environment in, you can create an alias record that routes traffic to the environment. For example, the domain name `my-environment. *us-west-2* .elasticbeanstalk.com` is a regionalized domain name.\n\n> For environments that were created before early 2016, the domain name doesn't include the region. To route traffic to these environments, you must create a CNAME record instead of an alias record. Note that you can't create a CNAME record for the root domain name. For example, if your domain name is example.com, you can create a record that routes traffic for acme.example.com to your Elastic Beanstalk environment, but you can't create a record that routes traffic for example.com to your Elastic Beanstalk environment. \n\nFor Elastic Beanstalk environments that have regionalized subdomains, specify the `CNAME` attribute for the environment. You can use the following methods to get the value of the CNAME attribute:\n\n- *AWS Management Console* : For information about how to get the value by using the console, see [Using Custom Domains with AWS Elastic Beanstalk](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html) in the *AWS Elastic Beanstalk Developer Guide* .\n- *Elastic Beanstalk API* : Use the `DescribeEnvironments` action to get the value of the `CNAME` attribute. For more information, see [DescribeEnvironments](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html) in the *AWS Elastic Beanstalk API Reference* .\n- *AWS CLI* : Use the `describe-environments` command to get the value of the `CNAME` attribute. For more information, see [describe-environments](https://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html) in the *AWS CLI* .\n- **ELB load balancer** - Specify the DNS name that is associated with the load balancer. Get the DNS name by using the AWS Management Console , the ELB API, or the AWS CLI .\n\n- *AWS Management Console* : Go to the EC2 page, choose *Load Balancers* in the navigation pane, choose the load balancer, choose the *Description* tab, and get the value of the *DNS name* field.\n\nIf you're routing traffic to a Classic Load Balancer, get the value that begins with *dualstack* . If you're routing traffic to another type of load balancer, get the value that applies to the record type, A or AAAA.\n- *Elastic Load Balancing API* : Use `DescribeLoadBalancers` to get the value of `DNSName` . For more information, see the applicable guide:\n\n- Classic Load Balancers: [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html)\n- Application and Network Load Balancers: [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html)\n- *CloudFormation Fn::GetAtt intrinsic function* : Use the [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) intrinsic function to get the value of `DNSName` :\n\n- [Classic Load Balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html#aws-properties-ec2-elb-return-values) .\n- [Application and Network Load Balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#aws-resource-elasticloadbalancingv2-loadbalancer-return-values) .\n- *AWS CLI* : Use `describe-load-balancers` to get the value of `DNSName` . For more information, see the applicable guide:\n\n- Classic Load Balancers: [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html)\n- Application and Network Load Balancers: [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html)\n- **Global Accelerator accelerator** - Specify the DNS name for your accelerator:\n\n- *Global Accelerator API* : To get the DNS name, use [DescribeAccelerator](https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeAccelerator.html) .\n- *AWS CLI* : To get the DNS name, use [describe-accelerator](https://docs.aws.amazon.com/cli/latest/reference/globalaccelerator/describe-accelerator.html) .\n- **Amazon S3 bucket that is configured as a static website** - Specify the domain name of the Amazon S3 website endpoint that you created the bucket in, for example, `s3-website.us-east-2.amazonaws.com` . For more information about valid values, see the table [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints) in the *Amazon Web Services General Reference* . For more information about using S3 buckets for websites, see [Getting Started with Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/getting-started.html) in the *Amazon Route 53 Developer Guide.*\n- **Another Route 53 record** - Specify the value of the `Name` element for a record in the current hosted zone.\n\n> If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't specify the domain name for a record for which the value of `Type` is `CNAME` . This is because the alias record must have the same type as the record that you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.", - "title": "DNSName", - "type": "string" - }, - "EvaluateTargetHealth": { - "markdownDescription": "*Applies only to alias records with any routing policy:* When `EvaluateTargetHealth` is `true` , an alias record inherits the health of the referenced AWS resource, such as an ELB load balancer or another record in the hosted zone.\n\nNote the following:\n\n- **CloudFront distributions** - You can't set `EvaluateTargetHealth` to `true` when the alias target is a CloudFront distribution.\n- **Elastic Beanstalk environments that have regionalized subdomains** - If you specify an Elastic Beanstalk environment in `DNSName` and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set `EvaluateTargetHealth` to `true` and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.\n\nIf the environment contains a single Amazon EC2 instance, there are no special requirements.\n- **ELB load balancers** - Health checking behavior depends on the type of load balancer:\n\n- *Classic Load Balancers* : If you specify an ELB Classic Load Balancer in `DNSName` , Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set `EvaluateTargetHealth` to `true` and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.\n- *Application and Network Load Balancers* : If you specify an ELB Application or Network Load Balancer and you set `EvaluateTargetHealth` to `true` , Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:\n\n- For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.\n- A target group that has no registered targets is considered unhealthy.\n\n> When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.\n- **S3 buckets** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an S3 bucket.\n- **Other records in the same hosted zone** - If the AWS resource that you specify in `DNSName` is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see [What Happens When You Omit Health Checks?](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting) in the *Amazon Route 53 Developer Guide* .\n\nFor more information and examples, see [Amazon Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) in the *Amazon Route 53 Developer Guide* .", - "title": "EvaluateTargetHealth", - "type": "boolean" - }, - "HostedZoneId": { - "markdownDescription": "*Alias resource records sets only* : The value used depends on where you want to route traffic:\n\n- **Amazon API Gateway custom regional APIs and edge-optimized APIs** - Specify the hosted zone ID for your API. You can get the applicable value using the AWS CLI command [get-domain-names](https://docs.aws.amazon.com/cli/latest/reference/apigateway/get-domain-names.html) :\n\n- For regional APIs, specify the value of `regionalHostedZoneId` .\n- For edge-optimized APIs, specify the value of `distributionHostedZoneId` .\n- **Amazon Virtual Private Cloud interface VPC endpoint** - Specify the hosted zone ID for your interface endpoint. You can get the value of `HostedZoneId` using the AWS CLI command [describe-vpc-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html) .\n- **CloudFront distribution** - Specify `Z2FDTNDATAQYW2` . This is always the hosted zone ID when you create an alias record that routes traffic to a CloudFront distribution.\n\n> Alias records for CloudFront can't be created in a private zone.\n- **Elastic Beanstalk environment** - Specify the hosted zone ID for the region that you created the environment in. The environment must have a regionalized subdomain. For a list of regions and the corresponding hosted zone IDs, see [AWS Elastic Beanstalk endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html) in the *Amazon Web Services General Reference* .\n- **ELB load balancer** - Specify the value of the hosted zone ID for the load balancer. Use the following methods to get the hosted zone ID:\n\n- [Service Endpoints](https://docs.aws.amazon.com/general/latest/gr/elb.html) table in the \"Elastic Load Balancing endpoints and quotas\" topic in the *Amazon Web Services General Reference* : Use the value that corresponds with the region that you created your load balancer in. Note that there are separate columns for Application and Classic Load Balancers and for Network Load Balancers.\n- *AWS Management Console* : Go to the Amazon EC2 page, choose *Load Balancers* in the navigation pane, select the load balancer, and get the value of the *Hosted zone* field on the *Description* tab.\n- *Elastic Load Balancing API* : Use `DescribeLoadBalancers` to get the applicable value. For more information, see the applicable guide:\n\n- Classic Load Balancers: Use [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html) to get the value of `CanonicalHostedZoneNameID` .\n- Application and Network Load Balancers: Use [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) to get the value of `CanonicalHostedZoneID` .\n- *CloudFormation Fn::GetAtt intrinsic function* : Use the [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) intrinsic function to get the applicable value:\n\n- Classic Load Balancers: Get [CanonicalHostedZoneNameID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html#aws-properties-ec2-elb-return-values) .\n- Application and Network Load Balancers: Get [CanonicalHostedZoneID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#aws-resource-elasticloadbalancingv2-loadbalancer-return-values) .\n- *AWS CLI* : Use `describe-load-balancers` to get the applicable value. For more information, see the applicable guide:\n\n- Classic Load Balancers: Use [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html) to get the value of `CanonicalHostedZoneNameID` .\n- Application and Network Load Balancers: Use [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html) to get the value of `CanonicalHostedZoneID` .\n- **Global Accelerator accelerator** - Specify `Z2BJ6XQ5FK7U4H` .\n- **An Amazon S3 bucket configured as a static website** - Specify the hosted zone ID for the region that you created the bucket in. For more information about valid values, see the table [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints) in the *Amazon Web Services General Reference* .\n- **Another Route 53 record in your hosted zone** - Specify the hosted zone ID of your hosted zone. (An alias record can't reference a record in a different hosted zone.)", - "title": "HostedZoneId", - "type": "string" - } - }, - "required": [ - "DNSName", - "HostedZoneId" - ], - "type": "object" - }, - "AWS::Route53::RecordSetGroup.CidrRoutingConfig": { - "additionalProperties": false, - "properties": { - "CollectionId": { - "markdownDescription": "The CIDR collection ID.", - "title": "CollectionId", - "type": "string" - }, - "LocationName": { - "markdownDescription": "The CIDR collection location name.", - "title": "LocationName", - "type": "string" - } - }, - "required": [ - "CollectionId", - "LocationName" - ], - "type": "object" - }, - "AWS::Route53::RecordSetGroup.Coordinates": { - "additionalProperties": false, - "properties": { - "Latitude": { - "markdownDescription": "Specifies a coordinate of the north\u2013south position of a geographic point on the surface of the Earth (-90 - 90).", - "title": "Latitude", - "type": "string" - }, - "Longitude": { - "markdownDescription": "Specifies a coordinate of the east\u2013west position of a geographic point on the surface of the Earth (-180 - 180).", - "title": "Longitude", - "type": "string" - } - }, - "required": [ - "Latitude", - "Longitude" + "Type", + "Properties" ], "type": "object" }, - "AWS::Route53::RecordSetGroup.GeoLocation": { - "additionalProperties": false, - "properties": { - "ContinentCode": { - "markdownDescription": "For geolocation resource record sets, a two-letter abbreviation that identifies a continent. Route 53 supports the following continent codes:\n\n- *AF* : Africa\n- *AN* : Antarctica\n- *AS* : Asia\n- *EU* : Europe\n- *OC* : Oceania\n- *NA* : North America\n- *SA* : South America\n\nConstraint: Specifying `ContinentCode` with either `CountryCode` or `SubdivisionCode` returns an `InvalidInput` error.", - "title": "ContinentCode", - "type": "string" - }, - "CountryCode": { - "markdownDescription": "For geolocation resource record sets, the two-letter code for a country.\n\nRoute 53 uses the two-letter country codes that are specified in [ISO standard 3166-1 alpha-2](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) .", - "title": "CountryCode", - "type": "string" - }, - "SubdivisionCode": { - "markdownDescription": "For geolocation resource record sets, the two-letter code for a state of the United States. Route 53 doesn't support any other values for `SubdivisionCode` . For a list of state abbreviations, see [Appendix B: Two\u2013Letter State and Possession Abbreviations](https://docs.aws.amazon.com/https://pe.usps.com/text/pub28/28apb.htm) on the United States Postal Service website.\n\nIf you specify `subdivisioncode` , you must also specify `US` for `CountryCode` .", - "title": "SubdivisionCode", - "type": "string" - } - }, - "type": "object" - }, - "AWS::Route53::RecordSetGroup.GeoProximityLocation": { + "AWS::Route53GlobalResolver::HostedZoneAssociation": { "additionalProperties": false, "properties": { - "AWSRegion": { - "markdownDescription": "The AWS Region the resource you are directing DNS traffic to, is in.", - "title": "AWSRegion", - "type": "string" - }, - "Bias": { - "markdownDescription": "The bias increases or decreases the size of the geographic region from which Route\u00a053 routes traffic to a resource.\n\nTo use `Bias` to change the size of the geographic region, specify the applicable value for the bias:\n\n- To expand the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a positive integer from 1 to 99 for the bias. Route\u00a053 shrinks the size of adjacent regions.\n- To shrink the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a negative bias of -1 to -99. Route\u00a053 expands the size of adjacent regions.", - "title": "Bias", - "type": "number" - }, - "Coordinates": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.Coordinates", - "markdownDescription": "Contains the longitude and latitude for a geographic region.", - "title": "Coordinates" - }, - "LocalZoneGroup": { - "markdownDescription": "Specifies an AWS Local Zone Group.\n\nA local Zone Group is usually the Local Zone code without the ending character. For example, if the Local Zone is `us-east-1-bue-1a` the Local Zone Group is `us-east-1-bue-1` .\n\nYou can identify the Local Zones Group for a specific Local Zone by using the [describe-availability-zones](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-availability-zones.html) CLI command:\n\nThis command returns: `\"GroupName\": \"us-west-2-den-1\"` , specifying that the Local Zone `us-west-2-den-1a` belongs to the Local Zone Group `us-west-2-den-1` .", - "title": "LocalZoneGroup", - "type": "string" - } - }, - "type": "object" - }, - "AWS::Route53::RecordSetGroup.RecordSet": { - "additionalProperties": false, - "properties": { - "AliasTarget": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.AliasTarget", - "markdownDescription": "*Alias resource record sets only:* Information about the AWS resource, such as a CloudFront distribution or an Amazon S3 bucket, that you want to route traffic to.\n\nIf you're creating resource records sets for a private hosted zone, note the following:\n\n- You can't create an alias resource record set in a private hosted zone to route traffic to a CloudFront distribution.\n- For information about creating failover resource record sets in a private hosted zone, see [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html) in the *Amazon Route 53 Developer Guide* .", - "title": "AliasTarget" - }, - "CidrRoutingConfig": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.CidrRoutingConfig", - "markdownDescription": "", - "title": "CidrRoutingConfig" - }, - "Failover": { - "markdownDescription": "*Failover resource record sets only:* To configure failover, you add the `Failover` element to two resource record sets. For one resource record set, you specify `PRIMARY` as the value for `Failover` ; for the other resource record set, you specify `SECONDARY` . In addition, you include the `HealthCheckId` element and specify the health check that you want Amazon Route 53 to perform for each resource record set.\n\nExcept where noted, the following failover behaviors assume that you have included the `HealthCheckId` element in both resource record sets:\n\n- When the primary resource record set is healthy, Route 53 responds to DNS queries with the applicable value from the primary resource record set regardless of the health of the secondary resource record set.\n- When the primary resource record set is unhealthy and the secondary resource record set is healthy, Route 53 responds to DNS queries with the applicable value from the secondary resource record set.\n- When the secondary resource record set is unhealthy, Route 53 responds to DNS queries with the applicable value from the primary resource record set regardless of the health of the primary resource record set.\n- If you omit the `HealthCheckId` element for the secondary resource record set, and if the primary resource record set is unhealthy, Route 53 always responds to DNS queries with the applicable value from the secondary resource record set. This is true regardless of the health of the associated endpoint.\n\nYou can't create non-failover resource record sets that have the same values for the `Name` and `Type` elements as failover resource record sets.\n\nFor failover alias resource record sets, you must also include the `EvaluateTargetHealth` element and set the value to true.\n\nFor more information about configuring failover for Route 53, see the following topics in the *Amazon Route 53 Developer Guide* :\n\n- [Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)\n- [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)", - "title": "Failover", - "type": "string" - }, - "GeoLocation": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.GeoLocation", - "markdownDescription": "*Geolocation resource record sets only:* A complex type that lets you control how Amazon Route 53 responds to DNS queries based on the geographic origin of the query. For example, if you want all queries from Africa to be routed to a web server with an IP address of `192.0.2.111` , create a resource record set with a `Type` of `A` and a `ContinentCode` of `AF` .\n\nIf you create separate resource record sets for overlapping geographic regions (for example, one resource record set for a continent and one for a country on the same continent), priority goes to the smallest geographic region. This allows you to route most queries for a continent to one resource and to route queries for a country on that continent to a different resource.\n\nYou can't create two geolocation resource record sets that specify the same geographic location.\n\nThe value `*` in the `CountryCode` element matches all geographic locations that aren't specified in other geolocation resource record sets that have the same values for the `Name` and `Type` elements.\n\n> Geolocation works by mapping IP addresses to locations. However, some IP addresses aren't mapped to geographic locations, so even if you create geolocation resource record sets that cover all seven continents, Route 53 will receive some DNS queries from locations that it can't identify. We recommend that you create a resource record set for which the value of `CountryCode` is `*` . Two groups of queries are routed to the resource that you specify in this record: queries that come from locations for which you haven't created geolocation resource record sets and queries from IP addresses that aren't mapped to a location. If you don't create a `*` resource record set, Route 53 returns a \"no answer\" response for queries from those locations. \n\nYou can't create non-geolocation resource record sets that have the same values for the `Name` and `Type` elements as geolocation resource record sets.", - "title": "GeoLocation" - }, - "GeoProximityLocation": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.GeoProximityLocation", - "markdownDescription": "A complex type that contains information about a geographic location.", - "title": "GeoProximityLocation" - }, - "HealthCheckId": { - "markdownDescription": "If you want Amazon Route 53 to return this resource record set in response to a DNS query only when the status of a health check is healthy, include the `HealthCheckId` element and specify the ID of the applicable health check.\n\nRoute 53 determines whether a resource record set is healthy based on one of the following:\n\n- By periodically sending a request to the endpoint that is specified in the health check\n- By aggregating the status of a specified group of health checks (calculated health checks)\n- By determining the current state of a CloudWatch alarm (CloudWatch metric health checks)\n\n> Route 53 doesn't check the health of the endpoint that is specified in the resource record set, for example, the endpoint specified by the IP address in the `Value` element. When you add a `HealthCheckId` element to a resource record set, Route 53 checks the health of the endpoint that you specified in the health check. \n\nFor more information, see the following topics in the *Amazon Route 53 Developer Guide* :\n\n- [How Amazon Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html)\n- [Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)\n- [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)\n\n*When to Specify HealthCheckId*\n\nSpecifying a value for `HealthCheckId` is useful only when Route 53 is choosing between two or more resource record sets to respond to a DNS query, and you want Route 53 to base the choice in part on the status of a health check. Configuring health checks makes sense only in the following configurations:\n\n- *Non-alias resource record sets* : You're checking the health of a group of non-alias resource record sets that have the same routing policy, name, and type (such as multiple weighted records named www.example.com with a type of A) and you specify health check IDs for all the resource record sets.\n\nIf the health check status for a resource record set is healthy, Route 53 includes the record among the records that it responds to DNS queries with.\n\nIf the health check status for a resource record set is unhealthy, Route 53 stops responding to DNS queries using the value for that resource record set.\n\nIf the health check status for all resource record sets in the group is unhealthy, Route 53 considers all resource record sets in the group healthy and responds to DNS queries accordingly.\n- *Alias resource record sets* : You specify the following settings:\n\n- You set `EvaluateTargetHealth` to true for an alias resource record set in a group of resource record sets that have the same routing policy, name, and type (such as multiple weighted records named www.example.com with a type of A).\n- You configure the alias resource record set to route traffic to a non-alias resource record set in the same hosted zone.\n- You specify a health check ID for the non-alias resource record set.\n\nIf the health check status is healthy, Route 53 considers the alias resource record set to be healthy and includes the alias record among the records that it responds to DNS queries with.\n\nIf the health check status is unhealthy, Route 53 stops responding to DNS queries using the alias resource record set.\n\n> The alias resource record set can also route traffic to a *group* of non-alias resource record sets that have the same routing policy, name, and type. In that configuration, associate health checks with all of the resource record sets in the group of non-alias resource record sets.\n\n*Geolocation Routing*\n\nFor geolocation resource record sets, if an endpoint is unhealthy, Route 53 looks for a resource record set for the larger, associated geographic region. For example, suppose you have resource record sets for a state in the United States, for the entire United States, for North America, and a resource record set that has `*` for `CountryCode` is `*` , which applies to all locations. If the endpoint for the state resource record set is unhealthy, Route 53 checks for healthy resource record sets in the following order until it finds a resource record set for which the endpoint is healthy:\n\n- The United States\n- North America\n- The default resource record set\n\n*Specifying the Health Check Endpoint by Domain Name*\n\nIf your health checks specify the endpoint only by domain name, we recommend that you create a separate health check for each endpoint. For example, create a health check for each `HTTP` server that is serving content for `www.example.com` . For the value of `FullyQualifiedDomainName` , specify the domain name of the server (such as `us-east-2-www.example.com` ), not the name of the resource record sets ( `www.example.com` ).\n\n> Health check results will be unpredictable if you do the following:\n> \n> - Create a health check that has the same value for `FullyQualifiedDomainName` as the name of a resource record set.\n> - Associate that health check with the resource record set.", - "title": "HealthCheckId", - "type": "string" - }, - "HostedZoneId": { - "markdownDescription": "The ID of the hosted zone that you want to create records in.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .\n\nDo not provide the `HostedZoneId` if it is already defined in `AWS::Route53::RecordSetGroup` . The creation fails if `HostedZoneId` is defined in both.", - "title": "HostedZoneId", + "Condition": { "type": "string" }, - "HostedZoneName": { - "markdownDescription": "The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.` ) as part of the `HostedZoneName` .\n\nWhen you create a stack using an `AWS::Route53::RecordSet` that specifies `HostedZoneName` , AWS CloudFormation attempts to find a hosted zone whose name matches the `HostedZoneName` . If AWS CloudFormation can't find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", - "title": "HostedZoneName", + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], "type": "string" }, - "MultiValueAnswer": { - "markdownDescription": "*Multivalue answer resource record sets only* : To route traffic approximately randomly to multiple resources, such as web servers, create one multivalue answer record for each resource and specify `true` for `MultiValueAnswer` . Note the following:\n\n- If you associate a health check with a multivalue answer resource record set, Amazon Route 53 responds to DNS queries with the corresponding IP address only when the health check is healthy.\n- If you don't associate a health check with a multivalue answer record, Route 53 always considers the record to be healthy.\n- Route 53 responds to DNS queries with up to eight healthy records; if you have eight or fewer healthy records, Route 53 responds to all DNS queries with all the healthy records.\n- If you have more than eight healthy records, Route 53 responds to different DNS resolvers with different combinations of healthy records.\n- When all records are unhealthy, Route 53 responds to DNS queries with up to eight unhealthy records.\n- If a resource becomes unavailable after a resolver caches a response, client software typically tries another of the IP addresses in the response.\n\nYou can't create multivalue answer alias records.", - "title": "MultiValueAnswer", - "type": "boolean" - }, - "Name": { - "markdownDescription": "The name of the record that you want to create, update, or delete.\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", - "title": "Name", - "type": "string" + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] }, - "Region": { - "markdownDescription": "*Latency-based resource record sets only:* The Amazon EC2 Region where you created the resource that this resource record set refers to. The resource typically is an AWS resource, such as an EC2 instance or an ELB load balancer, and is referred to by an IP address or a DNS domain name, depending on the record type.\n\nWhen Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 Region. Route 53 then returns the value that is associated with the selected resource record set.\n\nNote the following:\n\n- You can only specify one `ResourceRecord` per latency resource record set.\n- You can only create one latency resource record set for each Amazon EC2 Region.\n- You aren't required to create latency resource record sets for all Amazon EC2 Regions. Route 53 will choose the region with the best latency from among the regions that you create latency resource record sets for.\n- You can't create non-latency resource record sets that have the same values for the `Name` and `Type` elements as latency resource record sets.", - "title": "Region", - "type": "string" + "Metadata": { + "type": "object" }, - "ResourceRecords": { - "items": { - "type": "string" + "Properties": { + "additionalProperties": false, + "properties": { + "HostedZoneId": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "ResourceArn": { + "type": "string" + } }, - "markdownDescription": "Information about the records that you want to create. Each record should be in the format appropriate for the record type specified by the `Type` property. For information about different record types and their record formats, see [Values That You Specify When You Create or Edit Amazon Route 53 Records](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html) in the *Amazon Route 53 Developer Guide* .", - "title": "ResourceRecords", - "type": "array" - }, - "SetIdentifier": { - "markdownDescription": "*Resource record sets that have a routing policy other than simple:* An identifier that differentiates among multiple resource record sets that have the same combination of name and type, such as multiple weighted resource record sets named acme.example.com that have a type of A. In a group of resource record sets that have the same name and type, the value of `SetIdentifier` must be unique for each resource record set.\n\nFor information about routing policies, see [Choosing a Routing Policy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) in the *Amazon Route 53 Developer Guide* .", - "title": "SetIdentifier", - "type": "string" - }, - "TTL": { - "markdownDescription": "The resource record cache time to live (TTL), in seconds. Note the following:\n\n- If you're creating or updating an alias resource record set, omit `TTL` . Amazon Route 53 uses the value of `TTL` for the alias target.\n- If you're associating this resource record set with a health check (if you're adding a `HealthCheckId` element), we recommend that you specify a `TTL` of 60 seconds or less so clients respond quickly to changes in health status.\n- All of the resource record sets in a group of weighted resource record sets must have the same value for `TTL` .\n- If a group of weighted resource record sets includes one or more weighted alias resource record sets for which the alias target is an ELB load balancer, we recommend that you specify a `TTL` of 60 seconds for all of the non-alias weighted resource record sets that have the same name and type. Values other than 60 seconds (the TTL for load balancers) will change the effect of the values that you specify for `Weight` .", - "title": "TTL", - "type": "string" + "required": [ + "HostedZoneId", + "Name", + "ResourceArn" + ], + "type": "object" }, "Type": { - "markdownDescription": "The DNS record type. For information about different record types and how data is encoded for them, see [Supported DNS Resource Record Types](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html) in the *Amazon Route 53 Developer Guide* .\n\nValid values for basic resource record sets: `A` | `AAAA` | `CAA` | `CNAME` | `DS` | `MX` | `NAPTR` | `NS` | `PTR` | `SOA` | `SPF` | `SRV` | `TXT` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS`\n\nValues for weighted, latency, geolocation, and failover resource record sets: `A` | `AAAA` | `CAA` | `CNAME` | `MX` | `NAPTR` | `PTR` | `SPF` | `SRV` | `TXT` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS` . When creating a group of weighted, latency, geolocation, or failover resource record sets, specify the same value for all of the resource record sets in the group.\n\nValid values for multivalue answer resource record sets: `A` | `AAAA` | `MX` | `NAPTR` | `PTR` | `SPF` | `SRV` | `TXT` | `CAA` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS`\n\n> SPF records were formerly used to verify the identity of the sender of email messages. However, we no longer recommend that you create resource record sets for which the value of `Type` is `SPF` . RFC 7208, *Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1* , has been updated to say, \"...[I]ts existence and mechanism defined in [RFC4408] have led to some interoperability issues. Accordingly, its use is no longer appropriate for SPF version 1; implementations are not to use it.\" In RFC 7208, see section 14.1, [The SPF DNS Record Type](https://docs.aws.amazon.com/http://tools.ietf.org/html/rfc7208#section-14.1) . \n\nValues for alias resource record sets:\n\n- *Amazon API Gateway custom regional APIs and edge-optimized APIs:* `A`\n- *CloudFront distributions:* `A`\n\nIf IPv6 is enabled for the distribution, create two resource record sets to route traffic to your distribution, one with a value of `A` and one with a value of `AAAA` .\n- *Amazon API Gateway environment that has a regionalized subdomain* : `A`\n- *ELB load balancers:* `A` | `AAAA`\n- *Amazon S3 buckets:* `A`\n- *Amazon Virtual Private Cloud interface VPC endpoints* `A`\n- *Another resource record set in this hosted zone:* Specify the type of the resource record set that you're creating the alias for. All values are supported except `NS` and `SOA` .\n\n> If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't route traffic to a record for which the value of `Type` is `CNAME` . This is because the alias record must have the same type as the record you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.", - "title": "Type", + "enum": [ + "AWS::Route53GlobalResolver::HostedZoneAssociation" + ], "type": "string" }, - "Weight": { - "markdownDescription": "*Weighted resource record sets only:* Among resource record sets that have the same combination of DNS name and type, a value that determines the proportion of DNS queries that Amazon Route 53 responds to using the current resource record set. Route 53 calculates the sum of the weights for the resource record sets that have the same combination of DNS name and type. Route 53 then responds to queries based on the ratio of a resource's weight to the total. Note the following:\n\n- You must specify a value for the `Weight` element for every weighted resource record set.\n- You can only specify one `ResourceRecord` per weighted resource record set.\n- You can't create latency, failover, or geolocation resource record sets that have the same values for the `Name` and `Type` elements as weighted resource record sets.\n- You can create a maximum of 100 weighted resource record sets that have the same values for the `Name` and `Type` elements.\n- For weighted (but not weighted alias) resource record sets, if you set `Weight` to `0` for a resource record set, Route 53 never responds to queries with the applicable value for that resource record set. However, if you set `Weight` to `0` for all resource record sets that have the same combination of DNS name and type, traffic is routed to all resources with equal probability.\n\nThe effect of setting `Weight` to `0` is different when you associate health checks with weighted resource record sets. For more information, see [Options for Configuring Route 53 Active-Active and Active-Passive Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html) in the *Amazon Route 53 Developer Guide* .", - "title": "Weight", - "type": "number" + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" } }, "required": [ - "Name", - "Type" + "Type", + "Properties" ], "type": "object" }, @@ -301589,6 +309394,12 @@ "title": "BucketName", "type": "string" }, + "BucketNamePrefix": { + "type": "string" + }, + "BucketNamespace": { + "type": "string" + }, "CorsConfiguration": { "$ref": "#/definitions/AWS::S3::Bucket.CorsConfiguration", "markdownDescription": "Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .", @@ -304591,49 +312402,708 @@ "Properties": { "additionalProperties": false, "properties": { - "BucketEncryption": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.BucketEncryption", - "markdownDescription": "Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see [Setting and monitoring default encryption for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html) in the *Amazon S3 User Guide* .", - "title": "BucketEncryption" - }, - "BucketName": { - "markdownDescription": "A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Zone (Availability Zone or Local Zone). The bucket name must also follow the format `*bucket_base_name* -- *zone_id* --x-s3` (for example, `*bucket_base_name* -- *usw2-az1* --x-s3` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* .\n\n> If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.", - "title": "BucketName", + "BucketEncryption": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.BucketEncryption", + "markdownDescription": "Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see [Setting and monitoring default encryption for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html) in the *Amazon S3 User Guide* .", + "title": "BucketEncryption" + }, + "BucketName": { + "markdownDescription": "A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Zone (Availability Zone or Local Zone). The bucket name must also follow the format `*bucket_base_name* -- *zone_id* --x-s3` (for example, `*bucket_base_name* -- *usw2-az1* --x-s3` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* .\n\n> If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.", + "title": "BucketName", + "type": "string" + }, + "DataRedundancy": { + "markdownDescription": "The number of Zone (Availability Zone or Local Zone) that's used for redundancy for the bucket.", + "title": "DataRedundancy", + "type": "string" + }, + "InventoryConfigurations": { + "items": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.InventoryConfiguration" + }, + "type": "array" + }, + "LifecycleConfiguration": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.LifecycleConfiguration", + "markdownDescription": "Container for lifecycle rules. You can add as many as 1000 rules.\n\nFor more information see, [Creating and managing a lifecycle configuration for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html ) in the *Amazon S3 User Guide* .", + "title": "LifecycleConfiguration" + }, + "LocationName": { + "markdownDescription": "The name of the location where the bucket will be created.\n\nFor directory buckets, the name of the location is the Zone ID of the Availability Zone (AZ) or Local Zone (LZ) where the bucket will be created. An example AZ ID value is `usw2-az1` .", + "title": "LocationName", + "type": "string" + }, + "MetricsConfigurations": { + "items": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.MetricsConfiguration" + }, + "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An array of tags that you can apply to the S3 directory bucket. Tags are key-value pairs of metadata used to categorize and organize your buckets, track costs, and control access. For more information, see [Using tags with directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html) .", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "DataRedundancy", + "LocationName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::S3Express::DirectoryBucket" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.AbortIncompleteMultipartUpload": { + "additionalProperties": false, + "properties": { + "DaysAfterInitiation": { + "markdownDescription": "Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload.", + "title": "DaysAfterInitiation", + "type": "number" + } + }, + "required": [ + "DaysAfterInitiation" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.BucketEncryption": { + "additionalProperties": false, + "properties": { + "ServerSideEncryptionConfiguration": { + "items": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.ServerSideEncryptionRule" + }, + "markdownDescription": "Specifies the default server-side-encryption configuration.", + "title": "ServerSideEncryptionConfiguration", + "type": "array" + } + }, + "required": [ + "ServerSideEncryptionConfiguration" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.Destination": { + "additionalProperties": false, + "properties": { + "BucketAccountId": { + "type": "string" + }, + "BucketArn": { + "type": "string" + }, + "Format": { + "type": "string" + }, + "Prefix": { + "type": "string" + } + }, + "required": [ + "BucketArn", + "Format" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.InventoryConfiguration": { + "additionalProperties": false, + "properties": { + "Destination": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.Destination" + }, + "Enabled": { + "type": "boolean" + }, + "Id": { + "type": "string" + }, + "IncludedObjectVersions": { + "type": "string" + }, + "OptionalFields": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Prefix": { + "type": "string" + }, + "ScheduleFrequency": { + "type": "string" + } + }, + "required": [ + "Destination", + "Enabled", + "Id", + "IncludedObjectVersions", + "ScheduleFrequency" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.LifecycleConfiguration": { + "additionalProperties": false, + "properties": { + "Rules": { + "items": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.Rule" + }, + "markdownDescription": "A lifecycle rule for individual objects in an Amazon S3 Express bucket.", + "title": "Rules", + "type": "array" + } + }, + "required": [ + "Rules" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.MetricsConfiguration": { + "additionalProperties": false, + "properties": { + "AccessPointArn": { + "type": "string" + }, + "Id": { + "type": "string" + }, + "Prefix": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.Rule": { + "additionalProperties": false, + "properties": { + "AbortIncompleteMultipartUpload": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.AbortIncompleteMultipartUpload", + "markdownDescription": "Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload.", + "title": "AbortIncompleteMultipartUpload" + }, + "ExpirationInDays": { + "markdownDescription": "Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon S3 Glacier. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.", + "title": "ExpirationInDays", + "type": "number" + }, + "Id": { + "markdownDescription": "Unique identifier for the rule. The value can't be longer than 255 characters.", + "title": "Id", + "type": "string" + }, + "ObjectSizeGreaterThan": { + "markdownDescription": "Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", + "title": "ObjectSizeGreaterThan", + "type": "string" + }, + "ObjectSizeLessThan": { + "markdownDescription": "Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", + "title": "ObjectSizeLessThan", + "type": "string" + }, + "Prefix": { + "markdownDescription": "Object key prefix that identifies one or more objects to which this rule applies.\n\n> Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .", + "title": "Prefix", + "type": "string" + }, + "Status": { + "markdownDescription": "If `Enabled` , the rule is currently being applied. If `Disabled` , the rule is not currently being applied.", + "title": "Status", + "type": "string" + } + }, + "required": [ + "Status" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.ServerSideEncryptionByDefault": { + "additionalProperties": false, + "properties": { + "KMSMasterKeyID": { + "markdownDescription": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. This parameter is allowed only if `SSEAlgorithm` is set to `aws:kms` .\n\nYou can specify this parameter with the key ID or the Amazon Resource Name (ARN) of the KMS key. You can\u2019t use the key alias of the KMS key.\n\n- Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`\n- Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`\n\nIf you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html#s3-express-bucket-encryption-update-bucket-policy) .\n\n> Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported. Also, after you specify a customer managed key for SSE-KMS and upload objects with this configuration, you can't override the customer managed key for your SSE-KMS configuration. To use a new customer manager key for your data, we recommend copying your existing objects to a new directory bucket with a new customer managed key. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .", + "title": "KMSMasterKeyID", + "type": "string" + }, + "SSEAlgorithm": { + "markdownDescription": "Server-side encryption algorithm to use for the default encryption.\n\n> For directory buckets, there are only two supported values for server-side encryption: `AES256` and `aws:kms` .", + "title": "SSEAlgorithm", + "type": "string" + } + }, + "required": [ + "SSEAlgorithm" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.ServerSideEncryptionRule": { + "additionalProperties": false, + "properties": { + "BucketKeyEnabled": { + "markdownDescription": "Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. S3 Bucket Keys are always enabled for `GET` and `PUT` operations on a directory bucket and can\u2019t be disabled. It's only allowed to set the `BucketKeyEnabled` element to `true` .\n\nS3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) , [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) , [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops) , or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job) . In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object.\n\nFor more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-UsingKMSEncryption.html#s3-express-sse-kms-bucket-keys) in the *Amazon S3 User Guide* .", + "title": "BucketKeyEnabled", + "type": "boolean" + }, + "ServerSideEncryptionByDefault": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.ServerSideEncryptionByDefault", + "markdownDescription": "Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.", + "title": "ServerSideEncryptionByDefault" + } + }, + "type": "object" + }, + "AWS::S3Files::AccessPoint": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ClientToken": { + "type": "string" + }, + "FileSystemId": { + "type": "string" + }, + "PosixUser": { + "$ref": "#/definitions/AWS::S3Files::AccessPoint.PosixUser" + }, + "RootDirectory": { + "$ref": "#/definitions/AWS::S3Files::AccessPoint.RootDirectory" + }, + "Tags": { + "items": { + "$ref": "#/definitions/AWS::S3Files::AccessPoint.AccessPointTag" + }, + "type": "array" + } + }, + "required": [ + "FileSystemId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::S3Files::AccessPoint" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::S3Files::AccessPoint.AccessPointTag": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::S3Files::AccessPoint.CreationPermissions": { + "additionalProperties": false, + "properties": { + "OwnerGid": { + "type": "string" + }, + "OwnerUid": { + "type": "string" + }, + "Permissions": { + "type": "string" + } + }, + "required": [ + "OwnerGid", + "OwnerUid", + "Permissions" + ], + "type": "object" + }, + "AWS::S3Files::AccessPoint.PosixUser": { + "additionalProperties": false, + "properties": { + "Gid": { + "type": "string" + }, + "SecondaryGids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Uid": { + "type": "string" + } + }, + "required": [ + "Gid", + "Uid" + ], + "type": "object" + }, + "AWS::S3Files::AccessPoint.RootDirectory": { + "additionalProperties": false, + "properties": { + "CreationPermissions": { + "$ref": "#/definitions/AWS::S3Files::AccessPoint.CreationPermissions" + }, + "Path": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::S3Files::FileSystem": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AcceptBucketWarning": { + "type": "boolean" + }, + "Bucket": { + "type": "string" + }, + "ClientToken": { + "type": "string" + }, + "KmsKeyId": { + "type": "string" + }, + "Prefix": { + "type": "string" + }, + "RoleArn": { + "type": "string" + }, + "SynchronizationConfiguration": { + "$ref": "#/definitions/AWS::S3Files::FileSystem.SynchronizationConfiguration" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Bucket", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::S3Files::FileSystem" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::S3Files::FileSystem.ExpirationDataRule": { + "additionalProperties": false, + "properties": { + "DaysAfterLastAccess": { + "type": "number" + } + }, + "required": [ + "DaysAfterLastAccess" + ], + "type": "object" + }, + "AWS::S3Files::FileSystem.ImportDataRule": { + "additionalProperties": false, + "properties": { + "Prefix": { + "type": "string" + }, + "SizeLessThan": { + "type": "number" + }, + "Trigger": { + "type": "string" + } + }, + "required": [ + "Prefix", + "SizeLessThan", + "Trigger" + ], + "type": "object" + }, + "AWS::S3Files::FileSystem.SynchronizationConfiguration": { + "additionalProperties": false, + "properties": { + "ExpirationDataRules": { + "items": { + "$ref": "#/definitions/AWS::S3Files::FileSystem.ExpirationDataRule" + }, + "type": "array" + }, + "ImportDataRules": { + "items": { + "$ref": "#/definitions/AWS::S3Files::FileSystem.ImportDataRule" + }, + "type": "array" + }, + "LatestVersionNumber": { + "type": "number" + } + }, + "required": [ + "ExpirationDataRules", + "ImportDataRules" + ], + "type": "object" + }, + "AWS::S3Files::FileSystemPolicy": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "FileSystemId": { + "type": "string" + }, + "Policy": { + "type": "object" + } + }, + "required": [ + "FileSystemId", + "Policy" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::S3Files::FileSystemPolicy" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::S3Files::MountTarget": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "FileSystemId": { "type": "string" }, - "DataRedundancy": { - "markdownDescription": "The number of Zone (Availability Zone or Local Zone) that's used for redundancy for the bucket.", - "title": "DataRedundancy", + "IpAddressType": { "type": "string" }, - "LifecycleConfiguration": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.LifecycleConfiguration", - "markdownDescription": "Container for lifecycle rules. You can add as many as 1000 rules.\n\nFor more information see, [Creating and managing a lifecycle configuration for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html ) in the *Amazon S3 User Guide* .", - "title": "LifecycleConfiguration" + "Ipv4Address": { + "type": "string" }, - "LocationName": { - "markdownDescription": "The name of the location where the bucket will be created.\n\nFor directory buckets, the name of the location is the Zone ID of the Availability Zone (AZ) or Local Zone (LZ) where the bucket will be created. An example AZ ID value is `usw2-az1` .", - "title": "LocationName", + "Ipv6Address": { "type": "string" }, - "Tags": { + "SecurityGroups": { "items": { - "$ref": "#/definitions/Tag" + "type": "string" }, - "markdownDescription": "An array of tags that you can apply to the S3 directory bucket. Tags are key-value pairs of metadata used to categorize and organize your buckets, track costs, and control access. For more information, see [Using tags with directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html) .", - "title": "Tags", "type": "array" + }, + "SubnetId": { + "type": "string" } }, "required": [ - "DataRedundancy", - "LocationName" + "FileSystemId", + "SubnetId" ], "type": "object" }, "Type": { "enum": [ - "AWS::S3Express::DirectoryBucket" + "AWS::S3Files::MountTarget" ], "type": "string" }, @@ -304652,133 +313122,6 @@ ], "type": "object" }, - "AWS::S3Express::DirectoryBucket.AbortIncompleteMultipartUpload": { - "additionalProperties": false, - "properties": { - "DaysAfterInitiation": { - "markdownDescription": "Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload.", - "title": "DaysAfterInitiation", - "type": "number" - } - }, - "required": [ - "DaysAfterInitiation" - ], - "type": "object" - }, - "AWS::S3Express::DirectoryBucket.BucketEncryption": { - "additionalProperties": false, - "properties": { - "ServerSideEncryptionConfiguration": { - "items": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.ServerSideEncryptionRule" - }, - "markdownDescription": "Specifies the default server-side-encryption configuration.", - "title": "ServerSideEncryptionConfiguration", - "type": "array" - } - }, - "required": [ - "ServerSideEncryptionConfiguration" - ], - "type": "object" - }, - "AWS::S3Express::DirectoryBucket.LifecycleConfiguration": { - "additionalProperties": false, - "properties": { - "Rules": { - "items": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.Rule" - }, - "markdownDescription": "A lifecycle rule for individual objects in an Amazon S3 Express bucket.", - "title": "Rules", - "type": "array" - } - }, - "required": [ - "Rules" - ], - "type": "object" - }, - "AWS::S3Express::DirectoryBucket.Rule": { - "additionalProperties": false, - "properties": { - "AbortIncompleteMultipartUpload": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.AbortIncompleteMultipartUpload", - "markdownDescription": "Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload.", - "title": "AbortIncompleteMultipartUpload" - }, - "ExpirationInDays": { - "markdownDescription": "Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon S3 Glacier. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.", - "title": "ExpirationInDays", - "type": "number" - }, - "Id": { - "markdownDescription": "Unique identifier for the rule. The value can't be longer than 255 characters.", - "title": "Id", - "type": "string" - }, - "ObjectSizeGreaterThan": { - "markdownDescription": "Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", - "title": "ObjectSizeGreaterThan", - "type": "string" - }, - "ObjectSizeLessThan": { - "markdownDescription": "Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", - "title": "ObjectSizeLessThan", - "type": "string" - }, - "Prefix": { - "markdownDescription": "Object key prefix that identifies one or more objects to which this rule applies.\n\n> Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .", - "title": "Prefix", - "type": "string" - }, - "Status": { - "markdownDescription": "If `Enabled` , the rule is currently being applied. If `Disabled` , the rule is not currently being applied.", - "title": "Status", - "type": "string" - } - }, - "required": [ - "Status" - ], - "type": "object" - }, - "AWS::S3Express::DirectoryBucket.ServerSideEncryptionByDefault": { - "additionalProperties": false, - "properties": { - "KMSMasterKeyID": { - "markdownDescription": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. This parameter is allowed only if `SSEAlgorithm` is set to `aws:kms` .\n\nYou can specify this parameter with the key ID or the Amazon Resource Name (ARN) of the KMS key. You can\u2019t use the key alias of the KMS key.\n\n- Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`\n- Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`\n\nIf you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html#s3-express-bucket-encryption-update-bucket-policy) .\n\n> Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported. Also, after you specify a customer managed key for SSE-KMS and upload objects with this configuration, you can't override the customer managed key for your SSE-KMS configuration. To use a new customer manager key for your data, we recommend copying your existing objects to a new directory bucket with a new customer managed key. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .", - "title": "KMSMasterKeyID", - "type": "string" - }, - "SSEAlgorithm": { - "markdownDescription": "Server-side encryption algorithm to use for the default encryption.\n\n> For directory buckets, there are only two supported values for server-side encryption: `AES256` and `aws:kms` .", - "title": "SSEAlgorithm", - "type": "string" - } - }, - "required": [ - "SSEAlgorithm" - ], - "type": "object" - }, - "AWS::S3Express::DirectoryBucket.ServerSideEncryptionRule": { - "additionalProperties": false, - "properties": { - "BucketKeyEnabled": { - "markdownDescription": "Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. S3 Bucket Keys are always enabled for `GET` and `PUT` operations on a directory bucket and can\u2019t be disabled. It's only allowed to set the `BucketKeyEnabled` element to `true` .\n\nS3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) , [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) , [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops) , or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job) . In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object.\n\nFor more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-UsingKMSEncryption.html#s3-express-sse-kms-bucket-keys) in the *Amazon S3 User Guide* .", - "title": "BucketKeyEnabled", - "type": "boolean" - }, - "ServerSideEncryptionByDefault": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.ServerSideEncryptionByDefault", - "markdownDescription": "Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.", - "title": "ServerSideEncryptionByDefault" - } - }, - "type": "object" - }, "AWS::S3ObjectLambda::AccessPoint": { "additionalProperties": false, "properties": { @@ -305790,6 +314133,9 @@ "markdownDescription": "The schema for an Iceberg table.", "title": "IcebergSchema" }, + "IcebergSchemaV2": { + "$ref": "#/definitions/AWS::S3Tables::Table.IcebergSchemaV2" + }, "IcebergSortOrder": { "$ref": "#/definitions/AWS::S3Tables::Table.IcebergSortOrder" }, @@ -305803,9 +314149,6 @@ "type": "object" } }, - "required": [ - "IcebergSchema" - ], "type": "object" }, "AWS::S3Tables::Table.IcebergPartitionField": { @@ -305866,6 +314209,34 @@ ], "type": "object" }, + "AWS::S3Tables::Table.IcebergSchemaV2": { + "additionalProperties": false, + "properties": { + "IdentifierFieldIds": { + "items": { + "type": "number" + }, + "type": "array" + }, + "SchemaId": { + "type": "number" + }, + "SchemaV2FieldList": { + "items": { + "$ref": "#/definitions/AWS::S3Tables::Table.SchemaV2Field" + }, + "type": "array" + }, + "SchemaV2FieldType": { + "type": "string" + } + }, + "required": [ + "SchemaV2FieldList", + "SchemaV2FieldType" + ], + "type": "object" + }, "AWS::S3Tables::Table.IcebergSortField": { "additionalProperties": false, "properties": { @@ -305936,6 +314307,33 @@ ], "type": "object" }, + "AWS::S3Tables::Table.SchemaV2Field": { + "additionalProperties": false, + "properties": { + "Doc": { + "type": "string" + }, + "Id": { + "type": "number" + }, + "Name": { + "type": "string" + }, + "Required": { + "type": "boolean" + }, + "Type": { + "type": "object" + } + }, + "required": [ + "Id", + "Name", + "Required", + "Type" + ], + "type": "object" + }, "AWS::S3Tables::Table.SnapshotManagement": { "additionalProperties": false, "properties": { @@ -306013,6 +314411,9 @@ "markdownDescription": "", "title": "MetricsConfiguration" }, + "ReplicationConfiguration": { + "$ref": "#/definitions/AWS::S3Tables::TableBucket.ReplicationConfiguration" + }, "StorageClassConfiguration": { "$ref": "#/definitions/AWS::S3Tables::TableBucket.StorageClassConfiguration", "markdownDescription": "The configuration details for the storage class of tables or table buckets. This allows you to optimize storage costs by selecting the appropriate storage class based on your access patterns and performance requirements.", @@ -306090,6 +314491,52 @@ }, "type": "object" }, + "AWS::S3Tables::TableBucket.ReplicationConfiguration": { + "additionalProperties": false, + "properties": { + "Role": { + "type": "string" + }, + "Rules": { + "items": { + "$ref": "#/definitions/AWS::S3Tables::TableBucket.ReplicationRule" + }, + "type": "array" + } + }, + "required": [ + "Role", + "Rules" + ], + "type": "object" + }, + "AWS::S3Tables::TableBucket.ReplicationDestination": { + "additionalProperties": false, + "properties": { + "DestinationTableBucketARN": { + "type": "string" + } + }, + "required": [ + "DestinationTableBucketARN" + ], + "type": "object" + }, + "AWS::S3Tables::TableBucket.ReplicationRule": { + "additionalProperties": false, + "properties": { + "Destinations": { + "items": { + "$ref": "#/definitions/AWS::S3Tables::TableBucket.ReplicationDestination" + }, + "type": "array" + } + }, + "required": [ + "Destinations" + ], + "type": "object" + }, "AWS::S3Tables::TableBucket.StorageClassConfiguration": { "additionalProperties": false, "properties": { @@ -307954,6 +316401,9 @@ "title": "Tags", "type": "array" }, + "TlsPolicy": { + "type": "string" + }, "TrafficPolicyId": { "markdownDescription": "The identifier of an existing traffic policy that you attach to an ingress endpoint resource.", "title": "TrafficPolicyId", @@ -308005,6 +316455,9 @@ "markdownDescription": "The password of the ingress endpoint resource.", "title": "SmtpPassword", "type": "string" + }, + "TlsAuthConfiguration": { + "$ref": "#/definitions/AWS::SES::MailManagerIngressPoint.TlsAuthConfiguration" } }, "type": "object" @@ -308053,6 +316506,36 @@ ], "type": "object" }, + "AWS::SES::MailManagerIngressPoint.TlsAuthConfiguration": { + "additionalProperties": false, + "properties": { + "TrustStore": { + "$ref": "#/definitions/AWS::SES::MailManagerIngressPoint.TrustStore" + } + }, + "required": [ + "TrustStore" + ], + "type": "object" + }, + "AWS::SES::MailManagerIngressPoint.TrustStore": { + "additionalProperties": false, + "properties": { + "CAContent": { + "type": "string" + }, + "CrlContent": { + "type": "string" + }, + "KmsKeyArn": { + "type": "string" + } + }, + "required": [ + "CAContent" + ], + "type": "object" + }, "AWS::SES::MailManagerRelay": { "additionalProperties": false, "properties": { @@ -308303,6 +316786,40 @@ ], "type": "object" }, + "AWS::SES::MailManagerRuleSet.BounceAction": { + "additionalProperties": false, + "properties": { + "ActionFailurePolicy": { + "type": "string" + }, + "DiagnosticMessage": { + "type": "string" + }, + "Message": { + "type": "string" + }, + "RoleArn": { + "type": "string" + }, + "Sender": { + "type": "string" + }, + "SmtpReplyCode": { + "type": "string" + }, + "StatusCode": { + "type": "string" + } + }, + "required": [ + "DiagnosticMessage", + "RoleArn", + "Sender", + "SmtpReplyCode", + "StatusCode" + ], + "type": "object" + }, "AWS::SES::MailManagerRuleSet.DeliverToMailboxAction": { "additionalProperties": false, "properties": { @@ -308359,6 +316876,32 @@ ], "type": "object" }, + "AWS::SES::MailManagerRuleSet.InvokeLambdaAction": { + "additionalProperties": false, + "properties": { + "ActionFailurePolicy": { + "type": "string" + }, + "FunctionArn": { + "type": "string" + }, + "InvocationType": { + "type": "string" + }, + "RetryTimeMinutes": { + "type": "number" + }, + "RoleArn": { + "type": "string" + } + }, + "required": [ + "FunctionArn", + "InvocationType", + "RoleArn" + ], + "type": "object" + }, "AWS::SES::MailManagerRuleSet.RelayAction": { "additionalProperties": false, "properties": { @@ -308448,6 +316991,9 @@ "markdownDescription": "This action archives the email. This can be used to deliver an email to an archive.", "title": "Archive" }, + "Bounce": { + "$ref": "#/definitions/AWS::SES::MailManagerRuleSet.BounceAction" + }, "DeliverToMailbox": { "$ref": "#/definitions/AWS::SES::MailManagerRuleSet.DeliverToMailboxAction", "markdownDescription": "This action delivers an email to a WorkMail mailbox.", @@ -308463,6 +317009,9 @@ "title": "Drop", "type": "object" }, + "InvokeLambda": { + "$ref": "#/definitions/AWS::SES::MailManagerRuleSet.InvokeLambdaAction" + }, "PublishToSns": { "$ref": "#/definitions/AWS::SES::MailManagerRuleSet.SnsAction", "markdownDescription": "This action publishes the email content to an Amazon SNS topic.", @@ -308739,6 +317288,9 @@ "title": "Attribute", "type": "string" }, + "ClientCertificateAttribute": { + "type": "string" + }, "MimeHeaderAttribute": { "markdownDescription": "The email MIME X-Header attribute to evaluate in a string condition expression.", "title": "MimeHeaderAttribute", @@ -316396,8 +324948,7 @@ "ExecutionRole", "InstanceCount", "InstanceGroupName", - "InstanceType", - "LifeCycleConfig" + "InstanceType" ], "type": "object" }, @@ -316476,16 +325027,15 @@ "title": "OnCreate", "type": "string" }, + "OnInitComplete": { + "type": "string" + }, "SourceS3Uri": { "markdownDescription": "An Amazon S3 bucket path where your lifecycle scripts are stored.\n\n> Make sure that the S3 bucket path starts with `s3://sagemaker-` . The [IAM role for SageMaker HyperPod](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites.html#sagemaker-hyperpod-prerequisites-iam-role-for-hyperpod) has the managed [`AmazonSageMakerClusterInstanceRolePolicy`](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-cluster.html) attached, which allows access to S3 buckets with the specific prefix `sagemaker-` .", "title": "SourceS3Uri", "type": "string" } }, - "required": [ - "OnCreate", - "SourceS3Uri" - ], "type": "object" }, "AWS::SageMaker::Cluster.ClusterOrchestratorEksConfig": { @@ -320757,22 +329307,6 @@ ], "type": "object" }, - "AWS::SageMaker::Model.AdditionalModelDataSource": { - "additionalProperties": false, - "properties": { - "ChannelName": { - "type": "string" - }, - "S3DataSource": { - "$ref": "#/definitions/AWS::SageMaker::Model.S3DataSource" - } - }, - "required": [ - "ChannelName", - "S3DataSource" - ], - "type": "object" - }, "AWS::SageMaker::Model.ContainerDefinition": { "additionalProperties": false, "properties": { @@ -328993,6 +337527,736 @@ ], "type": "object" }, + "AWS::SecurityAgent::AgentSpace": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AwsResources": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.AWSResources" + }, + "CodeReviewSettings": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.CodeReviewSettings" + }, + "Description": { + "type": "string" + }, + "IntegratedResources": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.IntegratedResource" + }, + "type": "array" + }, + "KmsKeyId": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TargetDomainIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::SecurityAgent::AgentSpace" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.AWSResources": { + "additionalProperties": false, + "properties": { + "IamRoles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "LambdaFunctionArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "LogGroups": { + "items": { + "type": "string" + }, + "type": "array" + }, + "S3Buckets": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SecretArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Vpcs": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.VpcConfig" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.CodeReviewSettings": { + "additionalProperties": false, + "properties": { + "ControlsScanning": { + "type": "boolean" + }, + "GeneralPurposeScanning": { + "type": "boolean" + } + }, + "required": [ + "ControlsScanning", + "GeneralPurposeScanning" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.GitHubCapabilitiesResource": { + "additionalProperties": false, + "properties": { + "LeaveComments": { + "type": "boolean" + }, + "RemediateCode": { + "type": "boolean" + } + }, + "required": [ + "LeaveComments", + "RemediateCode" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.GitHubRepositoryResource": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Owner": { + "type": "string" + } + }, + "required": [ + "Name", + "Owner" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.IntegratedResource": { + "additionalProperties": false, + "properties": { + "Integration": { + "type": "string" + }, + "ProviderResources": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.ProviderResource" + }, + "type": "array" + } + }, + "required": [ + "Integration", + "ProviderResources" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.ProviderResource": { + "additionalProperties": false, + "properties": { + "GitHubCapabilities": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.GitHubCapabilitiesResource" + }, + "GitHubRepository": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.GitHubRepositoryResource" + } + }, + "required": [ + "GitHubCapabilities", + "GitHubRepository" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroupArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SubnetArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "VpcArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Application": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DefaultKmsKeyId": { + "type": "string" + }, + "IdCConfiguration": { + "$ref": "#/definitions/AWS::SecurityAgent::Application.IdCConfiguration" + }, + "RoleArn": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::SecurityAgent::Application" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::SecurityAgent::Application.IdCConfiguration": { + "additionalProperties": false, + "properties": { + "IdCApplicationArn": { + "type": "string" + }, + "IdCInstanceArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AgentSpaceId": { + "type": "string" + }, + "Assets": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.Assets" + }, + "CodeRemediationStrategy": { + "type": "string" + }, + "ExcludeRiskTypes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "LogConfig": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.CloudWatchLog" + }, + "NetworkTrafficConfig": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.NetworkTrafficConfig" + }, + "ServiceRole": { + "type": "string" + }, + "Title": { + "type": "string" + }, + "VpcConfig": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.VpcConfig" + } + }, + "required": [ + "AgentSpaceId", + "Assets", + "ServiceRole" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::SecurityAgent::Pentest" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::SecurityAgent::Pentest.Actor": { + "additionalProperties": false, + "properties": { + "Authentication": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.Authentication" + }, + "Description": { + "type": "string" + }, + "Identifier": { + "type": "string" + }, + "Uris": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.Assets": { + "additionalProperties": false, + "properties": { + "Actors": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.Actor" + }, + "type": "array" + }, + "Documents": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.DocumentInfo" + }, + "type": "array" + }, + "Endpoints": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.Endpoint" + }, + "type": "array" + }, + "IntegratedRepositories": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.IntegratedRepository" + }, + "type": "array" + }, + "SourceCode": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.SourceCodeRepository" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.Authentication": { + "additionalProperties": false, + "properties": { + "ProviderType": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.CloudWatchLog": { + "additionalProperties": false, + "properties": { + "LogGroup": { + "type": "string" + }, + "LogStream": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.CustomHeader": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.DocumentInfo": { + "additionalProperties": false, + "properties": { + "ArtifactId": { + "type": "string" + }, + "S3Location": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.Endpoint": { + "additionalProperties": false, + "properties": { + "Uri": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.IntegratedRepository": { + "additionalProperties": false, + "properties": { + "IntegrationId": { + "type": "string" + }, + "ProviderResourceId": { + "type": "string" + } + }, + "required": [ + "IntegrationId", + "ProviderResourceId" + ], + "type": "object" + }, + "AWS::SecurityAgent::Pentest.NetworkTrafficConfig": { + "additionalProperties": false, + "properties": { + "CustomHeaders": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.CustomHeader" + }, + "type": "array" + }, + "Rules": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.NetworkTrafficRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.NetworkTrafficRule": { + "additionalProperties": false, + "properties": { + "Effect": { + "type": "string" + }, + "NetworkTrafficRuleType": { + "type": "string" + }, + "Pattern": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.SourceCodeRepository": { + "additionalProperties": false, + "properties": { + "S3Location": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroupArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SubnetArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "VpcArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::TargetDomain": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TargetDomainName": { + "type": "string" + }, + "VerificationMethod": { + "type": "string" + } + }, + "required": [ + "TargetDomainName", + "VerificationMethod" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::SecurityAgent::TargetDomain" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::SecurityAgent::TargetDomain.DnsVerification": { + "additionalProperties": false, + "properties": { + "DnsRecordName": { + "type": "string" + }, + "DnsRecordType": { + "type": "string" + }, + "Token": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::TargetDomain.HttpVerification": { + "additionalProperties": false, + "properties": { + "RoutePath": { + "type": "string" + }, + "Token": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::TargetDomain.VerificationDetails": { + "additionalProperties": false, + "properties": { + "DnsTxt": { + "$ref": "#/definitions/AWS::SecurityAgent::TargetDomain.DnsVerification" + }, + "HttpRoute": { + "$ref": "#/definitions/AWS::SecurityAgent::TargetDomain.HttpVerification" + }, + "Method": { + "type": "string" + } + }, + "type": "object" + }, "AWS::SecurityHub::AggregatorV2": { "additionalProperties": false, "properties": { @@ -336658,6 +345922,9 @@ "markdownDescription": "The routing configuration of an alias. Routing configuration splits [StartExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_StartExecution.html) requests between one or two versions of the same state machine.\n\nUse `RoutingConfiguration` if you want to explicitly set the alias [weights](https://docs.aws.amazon.com/step-functions/latest/apireference/API_RoutingConfigurationListItem.html#StepFunctions-Type-RoutingConfigurationListItem-weight) . Weight is the percentage of traffic you want to route to a state machine version.\n\n> `RoutingConfiguration` and `DeploymentPreference` are mutually exclusive properties. You must define only one of these properties.", "title": "RoutingConfiguration", "type": "array" + }, + "StateMachineArn": { + "type": "string" } }, "type": "object" @@ -339059,6 +348326,9 @@ "title": "EgressType", "type": "string" }, + "IpAddressType": { + "type": "string" + }, "LoggingRole": { "markdownDescription": "The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs.", "title": "LoggingRole", @@ -340336,6 +349606,79 @@ }, "type": "object" }, + "AWS::UXC::AccountCustomization": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AccountColor": { + "type": "string" + }, + "VisibleRegions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "VisibleServices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::UXC::AccountCustomization" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, "AWS::VerifiedPermissions::IdentitySource": { "additionalProperties": false, "properties": { @@ -340904,11 +350247,6 @@ "AWS::VerifiedPermissions::PolicyStore.SchemaDefinition": { "additionalProperties": false, "properties": { - "CedarFormat": { - "markdownDescription": "", - "title": "CedarFormat", - "type": "string" - }, "CedarJson": { "markdownDescription": "A JSON string representation of the schema supported by applications that use this policy store. For more information, see [Policy store schema](https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html) in the AVP User Guide.", "title": "CedarJson", @@ -354464,18 +363802,6 @@ }, "type": "object" }, - "AWS::WorkspacesInstances::WorkspaceInstance.InstanceMarketOptionsRequest": { - "additionalProperties": false, - "properties": { - "MarketType": { - "type": "string" - }, - "SpotOptions": { - "$ref": "#/definitions/AWS::WorkspacesInstances::WorkspaceInstance.SpotMarketOptions" - } - }, - "type": "object" - }, "AWS::WorkspacesInstances::WorkspaceInstance.InstanceMetadataOptionsRequest": { "additionalProperties": false, "properties": { @@ -354575,9 +363901,6 @@ "ImageId": { "type": "string" }, - "InstanceMarketOptions": { - "$ref": "#/definitions/AWS::WorkspacesInstances::WorkspaceInstance.InstanceMarketOptionsRequest" - }, "InstanceType": { "type": "string" }, @@ -354681,24 +364004,6 @@ }, "type": "object" }, - "AWS::WorkspacesInstances::WorkspaceInstance.SpotMarketOptions": { - "additionalProperties": false, - "properties": { - "InstanceInterruptionBehavior": { - "type": "string" - }, - "MaxPrice": { - "type": "string" - }, - "SpotInstanceType": { - "type": "string" - }, - "ValidUntilUtc": { - "type": "string" - } - }, - "type": "object" - }, "AWS::WorkspacesInstances::WorkspaceInstance.TagSpecification": { "additionalProperties": false, "properties": { @@ -354964,6 +364269,22 @@ ], "type": "object" }, + "AWS::XRay::SamplingRule.SamplingRateBoost": { + "additionalProperties": false, + "properties": { + "CooldownWindowMinutes": { + "type": "number" + }, + "MaxRate": { + "type": "number" + } + }, + "required": [ + "CooldownWindowMinutes", + "MaxRate" + ], + "type": "object" + }, "AWS::XRay::SamplingRule.SamplingRule": { "additionalProperties": false, "properties": { @@ -355018,6 +364339,9 @@ "title": "RuleName", "type": "string" }, + "SamplingRateBoost": { + "$ref": "#/definitions/AWS::XRay::SamplingRule.SamplingRateBoost" + }, "ServiceName": { "markdownDescription": "Matches the `name` that the service uses to identify itself in segments.", "title": "ServiceName", @@ -357103,10 +366427,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -357125,10 +366449,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -357147,10 +366471,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -359022,10 +368346,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -359350,10 +368674,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -359372,10 +368696,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -359631,6 +368955,11 @@ "title": "DomainName", "type": "string" }, + "EndpointAccessMode": { + "markdownDescription": "The endpoint access mode for the custom domain name. \n*Type*: String \n*Required*: No \n*CloudFormation compatibility*: This property is passed directly to the [`EndpointAccessMode`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-endpointaccessmode) property of an `AWS::ApiGateway::DomainName` resource, or to `AWS::ApiGateway::DomainNameV2` when `EndpointConfiguration` is set to `PRIVATE`.", + "title": "EndpointAccessMode", + "type": "string" + }, "EndpointConfiguration": { "anyOf": [ { @@ -359770,6 +369099,11 @@ "markdownDescription": "Configures a custom domain for this API Gateway API. \n*Type*: [DomainConfiguration](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-domainconfiguration.html) \n*Required*: No \n*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.", "title": "Domain" }, + "EndpointAccessMode": { + "markdownDescription": "The endpoint access mode for the RestApi. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`EndpointAccessMode`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-endpointaccessmode) property of an `AWS::ApiGateway::RestApi` resource.", + "title": "EndpointAccessMode", + "type": "string" + }, "EndpointConfiguration": { "allOf": [ { @@ -359956,6 +369290,11 @@ "markdownDescription": "Configures a custom domain for this API Gateway API. \n*Type*: [DomainConfiguration](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-domainconfiguration.html) \n*Required*: No \n*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.", "title": "Domain" }, + "EndpointAccessMode": { + "markdownDescription": "The endpoint access mode for the RestApi. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`EndpointAccessMode`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-endpointaccessmode) property of an `AWS::ApiGateway::RestApi` resource.", + "title": "EndpointAccessMode", + "type": "string" + }, "EndpointConfiguration": { "anyOf": [ { @@ -365116,12 +374455,18 @@ { "$ref": "#/definitions/AWS::Batch::JobQueue" }, + { + "$ref": "#/definitions/AWS::Batch::QuotaShare" + }, { "$ref": "#/definitions/AWS::Batch::SchedulingPolicy" }, { "$ref": "#/definitions/AWS::Batch::ServiceEnvironment" }, + { + "$ref": "#/definitions/AWS::BcmPricingCalculator::BillScenario" + }, { "$ref": "#/definitions/AWS::Bedrock::Agent" }, @@ -365140,12 +374485,18 @@ { "$ref": "#/definitions/AWS::Bedrock::Blueprint" }, + { + "$ref": "#/definitions/AWS::Bedrock::DataAutomationLibrary" + }, { "$ref": "#/definitions/AWS::Bedrock::DataAutomationProject" }, { "$ref": "#/definitions/AWS::Bedrock::DataSource" }, + { + "$ref": "#/definitions/AWS::Bedrock::EnforcedGuardrailConfiguration" + }, { "$ref": "#/definitions/AWS::Bedrock::Flow" }, @@ -365173,12 +374524,24 @@ { "$ref": "#/definitions/AWS::Bedrock::PromptVersion" }, + { + "$ref": "#/definitions/AWS::Bedrock::ResourcePolicy" + }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::ApiKeyCredentialProvider" + }, { "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom" }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserProfile" + }, { "$ref": "#/definitions/AWS::BedrockAgentCore::CodeInterpreterCustom" }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator" + }, { "$ref": "#/definitions/AWS::BedrockAgentCore::Gateway" }, @@ -365188,6 +374551,18 @@ { "$ref": "#/definitions/AWS::BedrockAgentCore::Memory" }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider" + }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig" + }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::Policy" + }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::PolicyEngine" + }, { "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime" }, @@ -365197,6 +374572,9 @@ { "$ref": "#/definitions/AWS::BedrockAgentCore::WorkloadIdentity" }, + { + "$ref": "#/definitions/AWS::BedrockMantle::Project" + }, { "$ref": "#/definitions/AWS::Billing::BillingView" }, @@ -365212,6 +374590,9 @@ { "$ref": "#/definitions/AWS::BillingConductor::PricingRule" }, + { + "$ref": "#/definitions/AWS::Braket::SpendingLimit" + }, { "$ref": "#/definitions/AWS::Budgets::Budget" }, @@ -365293,6 +374674,12 @@ { "$ref": "#/definitions/AWS::CleanRooms::PrivacyBudgetTemplate" }, + { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithm" + }, + { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation" + }, { "$ref": "#/definitions/AWS::CleanRoomsML::TrainingDataset" }, @@ -365569,6 +374956,9 @@ { "$ref": "#/definitions/AWS::Comprehend::Flywheel" }, + { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule" + }, { "$ref": "#/definitions/AWS::Config::AggregationAuthorization" }, @@ -365611,6 +375001,12 @@ { "$ref": "#/definitions/AWS::Connect::ContactFlowModule" }, + { + "$ref": "#/definitions/AWS::Connect::ContactFlowModuleAlias" + }, + { + "$ref": "#/definitions/AWS::Connect::ContactFlowModuleVersion" + }, { "$ref": "#/definitions/AWS::Connect::ContactFlowVersion" }, @@ -365728,6 +375124,9 @@ { "$ref": "#/definitions/AWS::CustomerProfiles::ObjectType" }, + { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender" + }, { "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition" }, @@ -365950,6 +375349,27 @@ { "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection" }, + { + "$ref": "#/definitions/AWS::DirectConnect::Connection" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::DirectConnectGateway" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::DirectConnectGatewayAssociation" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::Lag" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::PrivateVirtualInterface" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::PublicVirtualInterface" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::TransitVirtualInterface" + }, { "$ref": "#/definitions/AWS::DirectoryService::MicrosoftAD" }, @@ -366052,6 +375472,9 @@ { "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolver" }, + { + "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolverTarget" + }, { "$ref": "#/definitions/AWS::EC2::IPAMResourceDiscovery" }, @@ -366175,6 +375598,9 @@ { "$ref": "#/definitions/AWS::EC2::SpotFleet" }, + { + "$ref": "#/definitions/AWS::EC2::SqlHaStandbyDetectedInstance" + }, { "$ref": "#/definitions/AWS::EC2::Subnet" }, @@ -366352,6 +375778,12 @@ { "$ref": "#/definitions/AWS::ECS::ClusterCapacityProviderAssociations" }, + { + "$ref": "#/definitions/AWS::ECS::Daemon" + }, + { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition" + }, { "$ref": "#/definitions/AWS::ECS::ExpressGatewayService" }, @@ -366508,6 +375940,9 @@ { "$ref": "#/definitions/AWS::Elasticsearch::Domain" }, + { + "$ref": "#/definitions/AWS::ElementalInference::Feed" + }, { "$ref": "#/definitions/AWS::EntityResolution::IdMappingWorkflow" }, @@ -366679,6 +376114,9 @@ { "$ref": "#/definitions/AWS::GlobalAccelerator::Listener" }, + { + "$ref": "#/definitions/AWS::Glue::Catalog" + }, { "$ref": "#/definitions/AWS::Glue::Classifier" }, @@ -366994,6 +376432,9 @@ { "$ref": "#/definitions/AWS::InspectorV2::Filter" }, + { + "$ref": "#/definitions/AWS::Interconnect::Connection" + }, { "$ref": "#/definitions/AWS::InternetMonitor::Monitor" }, @@ -367717,6 +377158,9 @@ { "$ref": "#/definitions/AWS::NeptuneGraph::Graph" }, + { + "$ref": "#/definitions/AWS::NeptuneGraph::GraphSnapshot" + }, { "$ref": "#/definitions/AWS::NeptuneGraph::PrivateGraphEndpoint" }, @@ -367810,6 +377254,9 @@ { "$ref": "#/definitions/AWS::NotificationsContacts::EmailContact" }, + { + "$ref": "#/definitions/AWS::NovaAct::WorkflowDefinition" + }, { "$ref": "#/definitions/AWS::ODB::CloudAutonomousVmCluster" }, @@ -367843,6 +377290,9 @@ { "$ref": "#/definitions/AWS::ObservabilityAdmin::S3TableIntegration" }, + { + "$ref": "#/definitions/AWS::ObservabilityAdmin::TelemetryEnrichment" + }, { "$ref": "#/definitions/AWS::ObservabilityAdmin::TelemetryPipelines" }, @@ -367852,6 +377302,9 @@ { "$ref": "#/definitions/AWS::Omics::AnnotationStore" }, + { + "$ref": "#/definitions/AWS::Omics::Configuration" + }, { "$ref": "#/definitions/AWS::Omics::ReferenceStore" }, @@ -367876,6 +377329,9 @@ { "$ref": "#/definitions/AWS::OpenSearchServerless::Collection" }, + { + "$ref": "#/definitions/AWS::OpenSearchServerless::CollectionGroup" + }, { "$ref": "#/definitions/AWS::OpenSearchServerless::Index" }, @@ -368341,6 +377797,27 @@ { "$ref": "#/definitions/AWS::Route53::RecordSetGroup" }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::AccessSource" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::AccessToken" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::DnsView" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::FirewallDomainList" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::FirewallRule" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::GlobalResolver" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::HostedZoneAssociation" + }, { "$ref": "#/definitions/AWS::Route53Profiles::Profile" }, @@ -368446,6 +377923,18 @@ { "$ref": "#/definitions/AWS::S3Express::DirectoryBucket" }, + { + "$ref": "#/definitions/AWS::S3Files::AccessPoint" + }, + { + "$ref": "#/definitions/AWS::S3Files::FileSystem" + }, + { + "$ref": "#/definitions/AWS::S3Files::FileSystemPolicy" + }, + { + "$ref": "#/definitions/AWS::S3Files::MountTarget" + }, { "$ref": "#/definitions/AWS::S3ObjectLambda::AccessPoint" }, @@ -368788,6 +378277,18 @@ { "$ref": "#/definitions/AWS::SecretsManager::SecretTargetAttachment" }, + { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace" + }, + { + "$ref": "#/definitions/AWS::SecurityAgent::Application" + }, + { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest" + }, + { + "$ref": "#/definitions/AWS::SecurityAgent::TargetDomain" + }, { "$ref": "#/definitions/AWS::SecurityHub::AggregatorV2" }, @@ -369010,6 +378511,9 @@ { "$ref": "#/definitions/AWS::Transfer::Workflow" }, + { + "$ref": "#/definitions/AWS::UXC::AccountCustomization" + }, { "$ref": "#/definitions/AWS::VerifiedPermissions::IdentitySource" }, diff --git a/samtranslator/sdk/parameter.py b/samtranslator/sdk/parameter.py index 5e0218fc59..8771694195 100644 --- a/samtranslator/sdk/parameter.py +++ b/samtranslator/sdk/parameter.py @@ -1,5 +1,5 @@ import copy -from typing import Any, Dict, Optional +from typing import Any import boto3 from boto3 import Session @@ -12,7 +12,7 @@ class SamParameterValues: Class representing SAM parameter values. """ - def __init__(self, parameter_values: Dict[Any, Any]) -> None: + def __init__(self, parameter_values: dict[Any, Any]) -> None: """ Initialize the object given the parameter values as a dictionary @@ -21,7 +21,7 @@ def __init__(self, parameter_values: Dict[Any, Any]) -> None: self.parameter_values = copy.deepcopy(parameter_values) - def add_default_parameter_values(self, sam_template: Dict[str, Any]) -> Any: + def add_default_parameter_values(self, sam_template: dict[str, Any]) -> Any: """ Method to read default values for template parameters and merge with user supplied values. @@ -65,7 +65,7 @@ def add_default_parameter_values(self, sam_template: Dict[str, Any]) -> Any: return None - def add_pseudo_parameter_values(self, session: Optional[Session] = None) -> None: + def add_pseudo_parameter_values(self, session: Session | None = None) -> None: """ Add pseudo parameter values :return: parameter values that have pseudo parameter in it diff --git a/samtranslator/sdk/resource.py b/samtranslator/sdk/resource.py index 9e629ebd97..4197a65d55 100644 --- a/samtranslator/sdk/resource.py +++ b/samtranslator/sdk/resource.py @@ -1,5 +1,5 @@ from enum import Enum -from typing import Any, Dict, List, Optional, Union +from typing import Any, Union from samtranslator.model.exceptions import InvalidDocumentException, InvalidTemplateException from samtranslator.model.types import IS_STR @@ -13,9 +13,9 @@ class SamResource: """ type = None - properties: Dict[str, Any] = {} # TODO: Replace `Any` with something more specific + properties: dict[str, Any] = {} # TODO: Replace `Any` with something more specific - def __init__(self, resource_dict: Dict[str, Any]) -> None: + def __init__(self, resource_dict: dict[str, Any]) -> None: """ Initialize the object given the resource as a dictionary @@ -27,7 +27,7 @@ def __init__(self, resource_dict: Dict[str, Any]) -> None: self.condition = resource_dict.get("Condition") self.deletion_policy = resource_dict.get("DeletionPolicy") self.update_replace_policy = resource_dict.get("UpdateReplacePolicy") - self.ignore_globals: Optional[Union[str, List[str]]] = resource_dict.get("IgnoreGlobals") + self.ignore_globals: Union[str, list[str]] | None = resource_dict.get("IgnoreGlobals") # Properties is *not* required. Ex: SimpleTable resource has no required properties self.properties = resource_dict.get("Properties", {}) @@ -47,7 +47,7 @@ def valid(self) -> bool: # TODO: should we raise exception if `self.type` is not a string? return isinstance(self.type, str) and SamResourceType.has_value(self.type) - def to_dict(self) -> Dict[str, Any]: + def to_dict(self) -> dict[str, Any]: if self.valid(): # Touch a resource dictionary ONLY if it is valid # Modify only Type & Properties section to preserve CloudFormation properties like DependsOn, Conditions etc diff --git a/samtranslator/sdk/template.py b/samtranslator/sdk/template.py index 0b90bc97de..812c6a83ab 100644 --- a/samtranslator/sdk/template.py +++ b/samtranslator/sdk/template.py @@ -2,7 +2,8 @@ Classes representing SAM template and resources. """ -from typing import Any, Dict, Iterator, Optional, Set, Tuple, Union +from collections.abc import Iterator +from typing import Any, Union from samtranslator.sdk.resource import SamResource @@ -12,7 +13,7 @@ class SamTemplate: Class representing the SAM template """ - def __init__(self, template_dict: Dict[str, Any]) -> None: + def __init__(self, template_dict: dict[str, Any]) -> None: """ Initialize with a template dictionary, that contains "Resources" dictionary @@ -21,12 +22,12 @@ def __init__(self, template_dict: Dict[str, Any]) -> None: self.template_dict = template_dict self.resources = template_dict["Resources"] - def iterate(self, resource_types: Optional[Set[str]] = None) -> Iterator[Tuple[str, SamResource]]: + def iterate(self, resource_types: set[str] | None = None) -> Iterator[tuple[str, SamResource]]: """ Iterate over all resources within the SAM template, optionally filtering by type :param set resource_types: Optional types to filter the resources by - :yields (string, SamResource): Tuple containing LogicalId and the resource + :yields (string, SamResource): tuple containing LogicalId and the resource """ if resource_types is None: resource_types = set() @@ -39,7 +40,7 @@ def iterate(self, resource_types: Optional[Set[str]] = None) -> Iterator[Tuple[s if needs_filter: yield logicalId, resource - def set(self, logical_id: str, resource: Union[SamResource, Dict[str, Any]]) -> None: + def set(self, logical_id: str, resource: Union[SamResource, dict[str, Any]]) -> None: """ Adds the resource to dictionary with given logical Id. It will overwrite, if the logical_id is already used. @@ -53,7 +54,7 @@ def set(self, logical_id: str, resource: Union[SamResource, Dict[str, Any]]) -> self.resources[logical_id] = resource_dict - def get_globals(self) -> Dict[str, Any]: + def get_globals(self) -> dict[str, Any]: """ Gets the global section of the template @@ -61,7 +62,7 @@ def get_globals(self) -> Dict[str, Any]: """ return self.template_dict.get("Globals") or {} - def get(self, logical_id: str) -> Optional[SamResource]: + def get(self, logical_id: str) -> SamResource | None: """ Gets the resource at the given logical_id if present @@ -83,7 +84,7 @@ def delete(self, logicalId): # type: ignore[no-untyped-def] if logicalId in self.resources: del self.resources[logicalId] - def to_dict(self) -> Dict[str, Any]: + def to_dict(self) -> dict[str, Any]: """ Returns the template as a dictionary diff --git a/samtranslator/swagger/swagger.py b/samtranslator/swagger/swagger.py index 2c4c747c91..3f0b3c169b 100644 --- a/samtranslator/swagger/swagger.py +++ b/samtranslator/swagger/swagger.py @@ -1,6 +1,7 @@ import copy import re -from typing import Any, Callable, Dict, Optional, TypeVar +from collections.abc import Callable +from typing import Any, TypeVar from samtranslator.metrics.method_decorator import cw_timer from samtranslator.model.apigateway import ApiGatewayAuthorizer @@ -50,9 +51,9 @@ class SwaggerEditor(BaseEditor): _DISABLE_EXECUTE_API_ENDPOINT = "disableExecuteApiEndpoint" # Attributes: - _doc: Dict[str, Any] + _doc: dict[str, Any] - def __init__(self, doc: Optional[Dict[str, Any]]) -> None: + def __init__(self, doc: dict[str, Any] | None) -> None: """ Initialize the class with a swagger dictionary. This class creates a copy of the Swagger and performs all modifications on this copy. @@ -122,10 +123,10 @@ def add_lambda_integration( # noqa: PLR0913 path: str, method: str, integration_uri: str, - method_auth_config: Dict[str, Any], - api_auth_config: Dict[str, Any], - condition: Optional[str] = None, - invoke_mode: Optional[Any] = None, + method_auth_config: dict[str, Any], + api_auth_config: dict[str, Any], + condition: str | None = None, + invoke_mode: Any | None = None, ) -> None: """ Adds aws_proxy APIGW integration to the given path+method. @@ -155,10 +156,8 @@ def add_lambda_integration( # noqa: PLR0913 if invoke_mode == "RESPONSE_STREAM": path_item[method][self._X_APIGW_INTEGRATION]["responseTransferMode"] = "STREAM" - if ( - method_auth_config.get("Authorizer") == "AWS_IAM" - or api_auth_config.get("DefaultAuthorizer") == "AWS_IAM" - and not method_auth_config + if method_auth_config.get("Authorizer") == "AWS_IAM" or ( + api_auth_config.get("DefaultAuthorizer") == "AWS_IAM" and not method_auth_config ): method_invoke_role = method_auth_config.get("InvokeRole") if not method_invoke_role and "InvokeRole" in method_auth_config: @@ -179,7 +178,7 @@ def add_lambda_integration( # noqa: PLR0913 if condition: path_item[method] = make_conditional(condition, path_item[method]) - def add_state_machine_integration( # type: ignore[no-untyped-def] # noqa: PLR0913 + def add_state_machine_integration( # type: ignore[no-untyped-def] self, path, method, @@ -275,7 +274,7 @@ def iter_on_all_methods_for_path(self, path_name, skip_methods_without_apigw_int normalized_method_name = self._normalize_method_name(method_name) yield normalized_method_name, method_definition - def add_cors( # type: ignore[no-untyped-def] # noqa: PLR0913 + def add_cors( # type: ignore[no-untyped-def] self, path, allowed_origins, allowed_headers=None, allowed_methods=None, max_age=None, allow_credentials=None ): """ @@ -436,7 +435,7 @@ def _options_method_response_for_cors( # type: ignore[no-untyped-def] to_return["responses"]["200"]["headers"] = response_headers return to_return - def _make_cors_allowed_methods_for_path_item(self, path_item: Dict[str, Any]) -> str: + def _make_cors_allowed_methods_for_path_item(self, path_item: dict[str, Any]) -> str: """ Creates the value for Access-Control-Allow-Methods header for given path item. All HTTP methods defined for this path item will be included in the result. If the path item contains "ANY" method, then *all available* HTTP methods will @@ -529,7 +528,7 @@ def set_path_default_authorizer( # noqa: PLR0912 self, path: str, default_authorizer: str, - authorizers: Dict[str, ApiGatewayAuthorizer], + authorizers: dict[str, ApiGatewayAuthorizer], add_default_auth_to_preflight: bool = True, ) -> None: """ @@ -681,7 +680,7 @@ def set_path_default_apikey_required(self, path: str, required_options_api_key: if security != existing_security: method_definition["security"] = security - def add_auth_to_method(self, path: str, method_name: str, auth: Dict[str, Any], api: Dict[str, Any]) -> None: + def add_auth_to_method(self, path: str, method_name: str, auth: dict[str, Any], api: dict[str, Any]) -> None: """ Adds auth settings for this path/method. Auth settings currently consist of Authorizers and ApiKeyRequired but this method will eventually include setting other auth settings such as Resource Policy, etc. @@ -885,7 +884,7 @@ def add_models(self, models): # type: ignore[no-untyped-def] self.definitions[model_name.lower()] = schema - def add_resource_policy(self, resource_policy: Optional[Dict[str, Any]], path: str, stage: PassThrough) -> None: + def add_resource_policy(self, resource_policy: dict[str, Any] | None, path: str, stage: PassThrough) -> None: """ Add resource policy definition to Swagger. @@ -1071,7 +1070,7 @@ def _add_ip_resource_policy_for_method(self, ip_list, conditional, resource_list self.resource_policy["Statement"] = statement def _add_vpc_resource_policy_for_method( # noqa: PLR0912 - self, endpoint_dict: Dict[str, Any], conditional: str, resource_list: PassThrough + self, endpoint_dict: dict[str, Any], conditional: str, resource_list: PassThrough ) -> None: """ This method generates a policy statement to grant/deny specific VPC/VPCE access to the API method and @@ -1198,7 +1197,7 @@ def add_request_parameters_to_method(self, path, method_name, request_parameters method_definition["parameters"] = existing_parameters @property - def swagger(self) -> Dict[str, Any]: + def swagger(self) -> dict[str, Any]: """ Returns a **copy** of the Swagger document as a dictionary. @@ -1298,7 +1297,4 @@ def _validate_list_property_is_resolved(property_list): # type: ignore[no-untyp :return bool: True if the property_list is all of type string otherwise False """ - if property_list is not None and not all(isinstance(x, str) for x in property_list): - return False - - return True + return not (property_list is not None and not all(isinstance(x, str) for x in property_list)) diff --git a/samtranslator/translator/arn_generator.py b/samtranslator/translator/arn_generator.py index 3c67484917..1a39819af4 100644 --- a/samtranslator/translator/arn_generator.py +++ b/samtranslator/translator/arn_generator.py @@ -1,5 +1,4 @@ from functools import lru_cache -from typing import Optional import boto3 @@ -34,7 +33,7 @@ def _region_to_partition(region: str) -> str: class ArnGenerator: - BOTO_SESSION_REGION_NAME: Optional[str] = None + BOTO_SESSION_REGION_NAME: str | None = None @classmethod def generate_arn( @@ -43,7 +42,7 @@ def generate_arn( service: str, resource: str, include_account_id: bool = True, - region: Optional[str] = None, + region: str | None = None, ) -> str: """Generate AWS ARN. @@ -99,7 +98,7 @@ def generate_aws_managed_policy_arn(cls, policy_name: str) -> str: return f"arn:{ArnGenerator.get_partition_name()}:iam::aws:policy/{policy_name}" @classmethod - def get_partition_name(cls, region: Optional[str] = None) -> str: + def get_partition_name(cls, region: str | None = None) -> str: """ Gets the name of the partition given the region name. If region name is not provided, this method will use Boto3 to get name of the region where this code is running. diff --git a/samtranslator/translator/logical_id_generator.py b/samtranslator/translator/logical_id_generator.py index 2c9a755f9f..e6128b5af6 100644 --- a/samtranslator/translator/logical_id_generator.py +++ b/samtranslator/translator/logical_id_generator.py @@ -1,6 +1,6 @@ import hashlib import json -from typing import Any, Optional +from typing import Any class LogicalIdGenerator: @@ -8,7 +8,7 @@ class LogicalIdGenerator: # given by this class HASH_LENGTH = 10 - def __init__(self, prefix: str, data_obj: Optional[Any] = None, data_hash: Optional[str] = None) -> None: + def __init__(self, prefix: str, data_obj: Any | None = None, data_hash: str | None = None) -> None: """ Generate logical IDs for resources that are stable, deterministic and platform independent diff --git a/samtranslator/translator/managed_policy_translator.py b/samtranslator/translator/managed_policy_translator.py index 1303a8ff20..87bddf727a 100644 --- a/samtranslator/translator/managed_policy_translator.py +++ b/samtranslator/translator/managed_policy_translator.py @@ -1,5 +1,5 @@ import logging -from typing import Dict, Optional, cast +from typing import cast from botocore.client import BaseClient @@ -11,7 +11,7 @@ class ManagedPolicyLoader: def __init__(self, iam_client: BaseClient) -> None: self._iam_client = iam_client - self._policy_map: Optional[Dict[str, str]] = None + self._policy_map: dict[str, str] | None = None self.max_items = 1000 @cw_timer(prefix="External", name="IAM") @@ -25,7 +25,7 @@ def _load_policies_from_iam(self) -> None: # Note(jfuss): boto3 PaginationConfig MaxItems does not control the number of items returned from the API # call. This is actually controlled by PageSize. page_iterator = paginator.paginate(Scope="AWS", PaginationConfig={"PageSize": self.max_items}) - name_to_arn_map: Dict[str, str] = {} + name_to_arn_map: dict[str, str] = {} for page in page_iterator: name_to_arn_map.update((x["PolicyName"], x["Arn"]) for x in page["Policies"]) @@ -33,8 +33,8 @@ def _load_policies_from_iam(self) -> None: LOG.info("Finished loading policies from IAM.") self._policy_map = name_to_arn_map - def load(self) -> Dict[str, str]: + def load(self) -> dict[str, str]: if self._policy_map is None: self._load_policies_from_iam() # mypy doesn't realize that function above assigns non-None value - return cast(Dict[str, str], self._policy_map) + return cast(dict[str, str], self._policy_map) diff --git a/samtranslator/translator/transform.py b/samtranslator/translator/transform.py index 34ec50709f..65871538fa 100644 --- a/samtranslator/translator/transform.py +++ b/samtranslator/translator/transform.py @@ -1,5 +1,5 @@ -from functools import lru_cache -from typing import Any, Dict, Optional +from functools import cache +from typing import Any from samtranslator.feature_toggle.feature_toggle import FeatureToggle from samtranslator.parser.parser import Parser @@ -9,12 +9,12 @@ def transform( - input_fragment: Dict[str, Any], - parameter_values: Dict[str, Any], + input_fragment: dict[str, Any], + parameter_values: dict[str, Any], managed_policy_loader: ManagedPolicyLoader, - feature_toggle: Optional[FeatureToggle] = None, - passthrough_metadata: Optional[bool] = False, -) -> Dict[str, Any]: + feature_toggle: FeatureToggle | None = None, + passthrough_metadata: bool | None = False, +) -> dict[str, Any]: """Translates the SAM manifest provided in the and returns the translation to CloudFormation. :param dict input_fragment: the SAM template to transform @@ -30,8 +30,8 @@ def transform( sam_parser, ) - @lru_cache(maxsize=None) - def get_managed_policy_map() -> Dict[str, str]: + @cache + def get_managed_policy_map() -> dict[str, str]: return managed_policy_loader.load() transformed = translator.translate( diff --git a/samtranslator/translator/translator.py b/samtranslator/translator/translator.py index 21f51c2f91..2aeadbe2ca 100644 --- a/samtranslator/translator/translator.py +++ b/samtranslator/translator/translator.py @@ -1,5 +1,5 @@ import copy -from typing import TYPE_CHECKING, Any, Dict, List, Optional, Tuple +from typing import TYPE_CHECKING, Any from boto3 import Session @@ -47,33 +47,33 @@ class Translator: def __init__( self, - managed_policy_map: Optional[Dict[str, str]], + managed_policy_map: dict[str, str] | None, sam_parser: Parser, - plugins: Optional[List[BasePlugin]] = None, - boto_session: Optional[Session] = None, - metrics: Optional[Metrics] = None, + plugins: list[BasePlugin] | None = None, + boto_session: Session | None = None, + metrics: Metrics | None = None, ) -> None: """ :param dict managed_policy_map: Map of managed policy names to the ARNs :param sam_parser: Instance of a SAM Parser - :param list of samtranslator.plugins.BasePlugin plugins: List of plugins to be installed in the translator, + :param list of samtranslator.plugins.BasePlugin plugins: list of plugins to be installed in the translator, in addition to the default ones. """ self.managed_policy_map = managed_policy_map self.plugins = plugins self.sam_parser = sam_parser - self.feature_toggle: Optional[FeatureToggle] = None + self.feature_toggle: FeatureToggle | None = None self.boto_session = boto_session self.metrics = metrics if metrics else Metrics("ServerlessTransform", DummyMetricsPublisher()) MetricsMethodWrapperSingleton.set_instance(self.metrics) - self.document_errors: List[ExceptionWithMessage] = [] + self.document_errors: list[ExceptionWithMessage] = [] if self.boto_session: ArnGenerator.BOTO_SESSION_REGION_NAME = self.boto_session.region_name def _get_function_names( - self, resource_dict: Dict[str, Any], intrinsics_resolver: IntrinsicsResolver - ) -> Dict[str, str]: + self, resource_dict: dict[str, Any], intrinsics_resolver: IntrinsicsResolver + ) -> dict[str, str]: """ :param resource_dict: AWS::Serverless::Function resource is provided as input :param intrinsics_resolver: to resolve intrinsics for function_name @@ -98,18 +98,18 @@ def _get_function_names( ) if not resolved_function_name: continue - self.function_names.setdefault(api_name, "") - self.function_names[api_name] += str(resolved_function_name) - return self.function_names + self.function_names.setdefault(api_name, []) + self.function_names[api_name].append(str(resolved_function_name)) + return {api: "".join(names) for api, names in self.function_names.items()} def translate( # noqa: PLR0912, PLR0915 self, - sam_template: Dict[str, Any], - parameter_values: Dict[str, Any], - feature_toggle: Optional[FeatureToggle] = None, - passthrough_metadata: Optional[bool] = False, - get_managed_policy_map: Optional[GetManagedPolicyMap] = None, - ) -> Dict[str, Any]: + sam_template: dict[str, Any], + parameter_values: dict[str, Any], + feature_toggle: FeatureToggle | None = None, + passthrough_metadata: bool | None = False, + get_managed_policy_map: GetManagedPolicyMap | None = None, + ) -> dict[str, Any]: """Loads the SAM resources from the given SAM manifest, replaces them with their corresponding CloudFormation resources, and returns the resulting CloudFormation template. @@ -127,7 +127,7 @@ def translate( # noqa: PLR0912, PLR0915 self.feature_toggle = feature_toggle or FeatureToggle( FeatureToggleDefaultConfigProvider(), stage=None, account_id=None, region=None ) - self.function_names: Dict[Any, Any] = {} + self.function_names: dict[Any, Any] = {} self.redeploy_restapi_parameters = {} sam_parameter_values = SamParameterValues(parameter_values) sam_parameter_values.add_default_parameter_values(sam_template) @@ -161,7 +161,7 @@ def translate( # noqa: PLR0912, PLR0915 supported_resource_refs = SupportedResourceReferences() shared_api_usage_plan = SharedApiUsagePlan() changed_logical_ids = {} - route53_record_set_groups: Dict[Any, Any] = {} + route53_record_set_groups: dict[Any, Any] = {} for logical_id, resource_dict in self._get_resources_to_iterate(sam_template, macro_resolver): try: macro = macro_resolver.resolve_resource_type(resource_dict).from_dict( @@ -248,8 +248,8 @@ def translate( # noqa: PLR0912, PLR0915 # private methods def _get_resources_to_iterate( - self, sam_template: Dict[str, Any], macro_resolver: ResourceTypeResolver - ) -> List[Tuple[str, Dict[str, Any]]]: + self, sam_template: dict[str, Any], macro_resolver: ResourceTypeResolver + ) -> list[tuple[str, dict[str, Any]]]: """ Returns a list of resources to iterate, order them based on the following order: @@ -264,7 +264,7 @@ def _get_resources_to_iterate( :param dict sam_template: SAM template :param macro_resolver: Resolver that knows if a resource can be processed or not - :return list: List containing tuple of (logicalId, resource_dict) in the order of processing + :return list: list containing tuple of (logicalId, resource_dict) in the order of processing """ functions = [] @@ -298,26 +298,26 @@ def _get_resources_to_iterate( return functions + statemachines + apis + others + connectors @staticmethod - def _update_resources(connectors_list: List[Resource]) -> Dict[str, Any]: + def _update_resources(connectors_list: list[Resource]) -> dict[str, Any]: connector_resources = {} for connector in connectors_list: connector_resources.update(connector.to_dict()) return connector_resources @staticmethod - def _delete_connectors_attribute(resources: Dict[str, Any]) -> None: + def _delete_connectors_attribute(resources: dict[str, Any]) -> None: for resource in resources.values(): if "Connectors" not in resource: continue del resource["Connectors"] - def _get_embedded_connectors(self, resources: Dict[str, Any]) -> List[Resource]: + def _get_embedded_connectors(self, resources: dict[str, Any]) -> list[Resource]: """ Loops through the SAM Template resources to find any connectors that have been attached to the resources. Converts those attached connectors into Connector resources and returns a list of them - :param dict resources: Dict of resources from the SAM template - :return List[SamConnector]: List of the generated SAM Connectors + :param dict resources: dict of resources from the SAM template + :return list[SamConnector]: list of the generated SAM Connectors """ connectors = [] @@ -367,7 +367,7 @@ def _get_generated_connector( source_logical_id: str, full_connector_logical_id: str, connector_logical_id: str, - connector_dict: Dict[str, Any], + connector_dict: dict[str, Any], ) -> Resource: """ Generates the connector resource from the embedded connector @@ -406,12 +406,12 @@ def _get_generated_connector( return SamConnector.from_dict(full_connector_logical_id, connector) -def prepare_plugins(plugins: Optional[List[BasePlugin]], parameters: Optional[Dict[str, Any]] = None) -> SamPlugins: +def prepare_plugins(plugins: list[BasePlugin] | None, parameters: dict[str, Any] | None = None) -> SamPlugins: """ Creates & returns a plugins object with the given list of plugins installed. In addition to the given plugins, we will also install a few "required" plugins that are necessary to provide complete support for SAM template spec. - :param plugins: list of samtranslator.plugins.BasePlugin plugins: List of plugins to install + :param plugins: list of samtranslator.plugins.BasePlugin plugins: list of plugins to install :param parameters: Dictionary of parameter values :return samtranslator.plugins.SamPlugins: Instance of `SamPlugins` """ @@ -444,14 +444,14 @@ def prepare_plugins(plugins: Optional[List[BasePlugin]], parameters: Optional[Di def make_implicit_rest_api_plugin() -> "ImplicitRestApiPlugin": # This is necessary to prevent a circular dependency on imports when loading package - from samtranslator.plugins.api.implicit_rest_api_plugin import ImplicitRestApiPlugin + from samtranslator.plugins.api.implicit_rest_api_plugin import ImplicitRestApiPlugin # noqa: PLC0415 return ImplicitRestApiPlugin() def make_implicit_http_api_plugin() -> "ImplicitHttpApiPlugin": # This is necessary to prevent a circular dependency on imports when loading package - from samtranslator.plugins.api.implicit_http_api_plugin import ImplicitHttpApiPlugin + from samtranslator.plugins.api.implicit_http_api_plugin import ImplicitHttpApiPlugin # noqa: PLC0415 return ImplicitHttpApiPlugin() diff --git a/samtranslator/translator/verify_logical_id.py b/samtranslator/translator/verify_logical_id.py index 47896f1d37..89177ea241 100644 --- a/samtranslator/translator/verify_logical_id.py +++ b/samtranslator/translator/verify_logical_id.py @@ -1,4 +1,4 @@ -from typing import Any, Dict +from typing import Any from samtranslator.model import Resource @@ -23,16 +23,14 @@ } -def verify_unique_logical_id(resource: Resource, existing_resources: Dict[str, Any]) -> bool: +def verify_unique_logical_id(resource: Resource, existing_resources: dict[str, Any]) -> bool: """Return true if the logical id is unique.""" # new resource logicalid exists in the template before transform if resource.logical_id is None or resource.logical_id not in existing_resources: return True # new resource logicalid is in the do_not_resolve list - if ( + return bool( resource.resource_type in do_not_verify and existing_resources[resource.logical_id]["Type"] in do_not_verify[resource.resource_type] - ): - return True - return False + ) diff --git a/samtranslator/utils/actions.py b/samtranslator/utils/actions.py index 921914a047..42e1ad1057 100644 --- a/samtranslator/utils/actions.py +++ b/samtranslator/utils/actions.py @@ -1,5 +1,5 @@ from abc import ABC, abstractmethod -from typing import Any, Dict +from typing import Any class Action(ABC): @@ -9,14 +9,14 @@ class Action(ABC): """ @abstractmethod - def execute(self, template: Dict[str, Any]) -> Dict[str, Any]: + def execute(self, template: dict[str, Any]) -> dict[str, Any]: pass class ResolveDependsOn(Action): DependsOn = "DependsOn" - def __init__(self, resolution_data: Dict[str, str]): + def __init__(self, resolution_data: dict[str, str]): """ Initializes ResolveDependsOn. Where data necessary to resolve execute can be provided. @@ -24,7 +24,7 @@ def __init__(self, resolution_data: Dict[str, str]): """ self.resolution_data = resolution_data - def execute(self, template: Dict[str, Any]) -> Dict[str, Any]: + def execute(self, template: dict[str, Any]) -> dict[str, Any]: """ Resolve DependsOn when logical ids get changed when transforming (ex: AWS::Serverless::LayerVersion) @@ -50,7 +50,7 @@ def execute(self, template: Dict[str, Any]) -> Dict[str, Any]: template[self.DependsOn] = changed_logical_id return template - def _can_handle_depends_on(self, input_dict: Dict[str, Any]) -> bool: + def _can_handle_depends_on(self, input_dict: dict[str, Any]) -> bool: """ Checks if the input dictionary is of length one and contains "DependsOn" diff --git a/samtranslator/utils/cfn_dynamic_references.py b/samtranslator/utils/cfn_dynamic_references.py index f5b340fddd..6c4eabf2f9 100644 --- a/samtranslator/utils/cfn_dynamic_references.py +++ b/samtranslator/utils/cfn_dynamic_references.py @@ -12,6 +12,4 @@ def is_dynamic_reference(_input: Any) -> bool: :return: True, if yes """ pattern = re.compile("^{{resolve:([a-z-]+):(.+)}}$") - if _input is not None and isinstance(_input, str) and pattern.match(_input): - return True - return False + return bool(_input is not None and isinstance(_input, str) and pattern.match(_input)) diff --git a/samtranslator/utils/py27hash_fix.py b/samtranslator/utils/py27hash_fix.py index 17ee3b257e..5e545a548c 100644 --- a/samtranslator/utils/py27hash_fix.py +++ b/samtranslator/utils/py27hash_fix.py @@ -1,11 +1,11 @@ -""" -""" +""" """ import copy import ctypes import json import logging -from typing import Any, Dict, Iterator, List, Optional, cast +from collections.abc import Iterator +from typing import Any, cast from samtranslator.parser.parser import Parser from samtranslator.third_party.py27hash.hash import Hash @@ -21,7 +21,7 @@ def to_py27_compatible_template( # noqa: PLR0912 - template: Dict[str, Any], parameter_values: Optional[Dict[str, Any]] = None + template: dict[str, Any], parameter_values: dict[str, Any] | None = None ) -> None: """ Convert an input template to a py27hash-compatible template. This function has to be run before any @@ -96,8 +96,8 @@ def to_py27_compatible_template( # noqa: PLR0912 parameter_values[key] = _convert_to_py27_type(val) # type: ignore[no-untyped-call] -def undo_mark_unicode_str_in_template(template_dict: Dict[str, Any]) -> Dict[str, Any]: - return cast(Dict[str, Any], json.loads(json.dumps(template_dict))) +def undo_mark_unicode_str_in_template(template_dict: dict[str, Any]) -> dict[str, Any]: + return cast(dict[str, Any], json.loads(json.dumps(template_dict))) class Py27UniStr(unicode_string_type): @@ -130,7 +130,7 @@ def __deepcopy__(self, memo): # type: ignore[no-untyped-def] return self # strings are immutable def _get_py27_hash(self) -> int: - h: Optional[int] = getattr(self, "_py27_hash", None) + h: int | None = getattr(self, "_py27_hash", None) if h is None: self._py27_hash = h = ctypes.c_size_t(Hash.hash(self)).value return h @@ -153,7 +153,7 @@ def __deepcopy__(self, memo): # type: ignore[no-untyped-def] return self # primitive types (ints) are immutable -class Py27Keys: +class Py27Keys: # noqa: PLW1641 """ A class for tracking keys based on based on Python 2.7 order. Based on https://github.com/python/cpython/blob/v2.7.18/Objects/dictobject.c. @@ -170,7 +170,7 @@ class Py27Keys: def __init__(self) -> None: super().__init__() self.debug = False - self.keyorder: Dict[int, str] = {} + self.keyorder: dict[int, str] = {} self.size = 0 # current size of the keys, equivalent to ma_used in dictobject.c self.fill = 0 # increment count when a key is added, equivalent to ma_fill in dictobject.c self.mask = MINSIZE - 1 # Python2 default dict size @@ -262,7 +262,7 @@ def add(self, key): # type: ignore[no-untyped-def] # Python2 dict increases size by a factor of 4 for small dict, and 2 for large dict self._resize(self.size * (2 if self.size > self._LARGE_DICT_SIZE_THRESHOLD else 4)) # type: ignore[no-untyped-call] - def keys(self) -> List[str]: + def keys(self) -> list[str]: """Return keys in Python2 order""" return [self.keyorder[key] for key in sorted(self.keyorder.keys()) if self.keyorder[key] is not self.DUMMY] @@ -520,7 +520,7 @@ def __str__(self) -> str: def __repr__(self) -> str: """ - Create a string version of this Dict + Create a string version of this dict Returns ------- diff --git a/samtranslator/utils/traverse.py b/samtranslator/utils/traverse.py index ebd34584a0..257d89b02e 100644 --- a/samtranslator/utils/traverse.py +++ b/samtranslator/utils/traverse.py @@ -1,11 +1,11 @@ -from typing import Any, Dict, List +from typing import Any from samtranslator.utils.actions import Action def traverse( input_value: Any, - actions: List[Action], + actions: list[Action], ) -> Any: """ Driver method that performs the actual traversal of input and calls the execute method of the provided actions. @@ -13,7 +13,7 @@ def traverse( Traversal Algorithm: Imagine the input dictionary/list as a tree. We are doing a Pre-Order tree traversal here where we first - process the root node before going to its children. Dict and Lists are the only two iterable nodes. + process the root node before going to its children. dict and Lists are the only two iterable nodes. Everything else is a leaf node. :param input_value: Any primitive type (dict, array, string etc) whose value might contain a changed value @@ -34,8 +34,8 @@ def traverse( def _traverse_dict( - input_dict: Dict[str, Any], - actions: List[Action], + input_dict: dict[str, Any], + actions: list[Action], ) -> Any: """ Traverse a dictionary to resolves changed values on every value @@ -51,13 +51,13 @@ def _traverse_dict( def _traverse_list( - input_list: List[Any], - actions: List[Action], + input_list: list[Any], + actions: list[Action], ) -> Any: """ Traverse a list to resolve changed values on every element - :param input_list: List of input + :param input_list: list of input :param actions: This is just to pass it to the template partition :return: Modified list with values functions resolved """ diff --git a/samtranslator/utils/types.py b/samtranslator/utils/types.py index 88d9db614a..a9e43f4597 100644 --- a/samtranslator/utils/types.py +++ b/samtranslator/utils/types.py @@ -1,7 +1,7 @@ """Type related utils.""" -from typing import Any, Dict, TypeVar, Union +from typing import Any, TypeVar, Union T = TypeVar("T") -Intrinsicable = Union[Dict[str, Any], T] +Intrinsicable = Union[dict[str, Any], T] diff --git a/samtranslator/utils/utils.py b/samtranslator/utils/utils.py index ab952efdfc..b54a7f83ee 100644 --- a/samtranslator/utils/utils.py +++ b/samtranslator/utils/utils.py @@ -1,13 +1,13 @@ import copy -from typing import Any, List, Optional, Union, cast +from typing import Any, Union, cast -def as_array(x: Any) -> List[Any]: +def as_array(x: Any) -> list[Any]: """Convert value to list if it already isn't.""" return x if isinstance(x, list) else [x] -def insert_unique(xs: Any, vs: Any) -> List[Any]: +def insert_unique(xs: Any, vs: Any) -> list[Any]: """ Return copy of `xs` extended with values of `vs` that do not exist in `xs`. @@ -20,7 +20,7 @@ def insert_unique(xs: Any, vs: Any) -> List[Any]: if v not in xs: xs.append(v) - return cast(List[Any], xs) # mypy doesn't recognize it + return cast(list[Any], xs) # mypy doesn't recognize it class InvalidValueType(Exception): @@ -31,7 +31,7 @@ def __init__(self, relative_path: str) -> None: super().__init__("It should be a map") -def dict_deep_get(d: Any, path: Union[str, List[str]]) -> Optional[Any]: +def dict_deep_get(d: Any, path: Union[str, list[str]]) -> Any | None: """ Get the value deep in the dict. diff --git a/samtranslator/validator/validator.py b/samtranslator/validator/validator.py index 723c8fb855..01ebe284a5 100644 --- a/samtranslator/validator/validator.py +++ b/samtranslator/validator/validator.py @@ -1,5 +1,4 @@ import json -import os import re from pathlib import Path from typing import Any @@ -38,11 +37,11 @@ def __init__(self, schema=None) -> None: # type: ignore[no-untyped-def] schema_store = {} definitions_dir = sam_schema.SCHEMA_DIR / "definitions" - for sub_schema in os.listdir(definitions_dir): - if sub_schema.endswith(".json"): - with (definitions_dir / sub_schema).open(encoding="utf-8") as f: + for sub_schema_path in definitions_dir.iterdir(): + if sub_schema_path.name.endswith(".json"): + with sub_schema_path.open(encoding="utf-8") as f: schema_content = f.read() - schema_store[sub_schema] = json.loads(schema_content) + schema_store[sub_schema_path.name] = json.loads(schema_content) resolver = jsonschema.RefResolver.from_schema(schema, store=schema_store) # type: ignore[no-untyped-call] diff --git a/samtranslator/validator/value_validator.py b/samtranslator/validator/value_validator.py index 699c86527b..26ee222112 100644 --- a/samtranslator/validator/value_validator.py +++ b/samtranslator/validator/value_validator.py @@ -1,6 +1,6 @@ """A plug-able validator to help raise exception when some value is unexpected.""" -from typing import Any, Dict, Generic, Optional, TypeVar, cast +from typing import Any, Generic, TypeVar, cast from samtranslator.model.exceptions import ( ExpectedType, @@ -14,7 +14,7 @@ class _ResourcePropertyValueValidator(Generic[T]): - value: Optional[T] + value: T | None resource_id: str key_path: str is_sam_event: bool @@ -22,7 +22,7 @@ class _ResourcePropertyValueValidator(Generic[T]): def __init__( self, - value: Optional[T], + value: T | None, resource_id: str, key_path: str, is_sam_event: bool = False, @@ -35,14 +35,14 @@ def __init__( self.is_resource_attribute = is_resource_attribute @property - def resource_logical_id(self) -> Optional[str]: + def resource_logical_id(self) -> str | None: return None if self.is_sam_event else self.resource_id @property - def event_id(self) -> Optional[str]: + def event_id(self) -> str | None: return self.resource_id if self.is_sam_event else None - def to_be_a(self, expected_type: ExpectedType, message: Optional[str] = "") -> T: + def to_be_a(self, expected_type: ExpectedType, message: str | None = "") -> T: """ Validate the type of the value and return the value if valid. @@ -66,7 +66,7 @@ def to_be_a(self, expected_type: ExpectedType, message: Optional[str] = "") -> T # mypy is not smart to derive class from expected_type.value[1], ignore types: return self.value # type: ignore - def to_not_be_none(self, message: Optional[str] = "") -> T: + def to_not_be_none(self, message: str | None = "") -> T: """ Validate the value is not None and return the value if valid. @@ -85,17 +85,17 @@ def to_not_be_none(self, message: Optional[str] = "") -> T: # # alias methods: # - def to_be_a_map(self, message: Optional[str] = "") -> Dict[str, Any]: + def to_be_a_map(self, message: str | None = "") -> dict[str, Any]: """ - Return the value with type hint "Dict[str, Any]". + Return the value with type hint "dict[str, Any]". Raise InvalidResourceException/InvalidEventException if the value is not. """ - return cast(Dict[str, Any], self.to_be_a(ExpectedType.MAP, message)) + return cast(dict[str, Any], self.to_be_a(ExpectedType.MAP, message)) - def to_be_a_list(self, message: Optional[str] = "") -> T: + def to_be_a_list(self, message: str | None = "") -> T: return self.to_be_a(ExpectedType.LIST, message) - def to_be_a_list_of(self, expected_type: ExpectedType, message: Optional[str] = "") -> T: + def to_be_a_list_of(self, expected_type: ExpectedType, message: str | None = "") -> T: """ Return the value with type hint "List[T]". Raise InvalidResourceException/InvalidEventException if the value is not. @@ -107,21 +107,21 @@ def to_be_a_list_of(self, expected_type: ExpectedType, message: Optional[str] = ) return value - def to_be_a_string(self, message: Optional[str] = "") -> str: + def to_be_a_string(self, message: str | None = "") -> str: """ Return the value with type hint "str". Raise InvalidResourceException/InvalidEventException if the value is not. """ return cast(str, self.to_be_a(ExpectedType.STRING, message)) - def to_be_an_integer(self, message: Optional[str] = "") -> int: + def to_be_an_integer(self, message: str | None = "") -> int: """ Return the value with type hint "int". Raise InvalidResourceException/InvalidEventException if the value is not. """ return cast(int, self.to_be_a(ExpectedType.INTEGER, message)) - def to_be_a_bool(self, message: Optional[str] = "") -> bool: + def to_be_a_bool(self, message: str | None = "") -> bool: """ Return the value with type hint "bool". Raise InvalidResourceException/InvalidEventException if the value is not. diff --git a/schema_source/cfn_schema_generator.py b/schema_source/cfn_schema_generator.py index 8c2c5ffb5a..91d900c0a4 100644 --- a/schema_source/cfn_schema_generator.py +++ b/schema_source/cfn_schema_generator.py @@ -7,7 +7,7 @@ import gzip import json from pathlib import Path -from typing import Any, Dict, cast +from typing import Any, cast import requests @@ -231,7 +231,7 @@ def generate(self, output_file: str = ".tmp/cloudformation.schema.json") -> None json_str = json_str.replace("<", "\\u003c").replace(">", "\\u003e") f.write(json_str) - def _download_spec(self) -> Dict[str, Any]: + def _download_spec(self) -> dict[str, Any]: """Download and parse CloudFormation specification""" response = requests.get(self.spec_url, timeout=30) response.raise_for_status() @@ -241,10 +241,10 @@ def _download_spec(self) -> Dict[str, Any]: if content.startswith(b"\x1f\x8b"): # gzip magic number content = gzip.decompress(content) - result: Dict[str, Any] = json.loads(content) + result: dict[str, Any] = json.loads(content) return result - def _generate_schema(self, spec: Dict[str, Any]) -> Dict[str, Any]: + def _generate_schema(self, spec: dict[str, Any]) -> dict[str, Any]: """Generate JSON schema from CloudFormation specification""" resources = spec.get("ResourceTypes", {}) properties = spec.get("PropertyTypes", {}) @@ -254,8 +254,8 @@ def _generate_schema(self, spec: Dict[str, Any]) -> Dict[str, Any]: resource_refs.append({"$ref": "#/definitions/CustomResource"}) # Start with main schema template and fill in the details - main_properties = cast(Dict[str, Any], MAIN_SCHEMA_TEMPLATE["properties"]) - resources_property = cast(Dict[str, Any], main_properties["Resources"]) + main_properties = cast(dict[str, Any], MAIN_SCHEMA_TEMPLATE["properties"]) + resources_property = cast(dict[str, Any], main_properties["Resources"]) schema = { **MAIN_SCHEMA_TEMPLATE, @@ -269,7 +269,7 @@ def _generate_schema(self, spec: Dict[str, Any]) -> Dict[str, Any]: } # Build definitions from templates - definitions: Dict[str, Any] = {} + definitions: dict[str, Any] = {} definitions["Parameter"] = PARAMETER_SCHEMA_TEMPLATE definitions["CustomResource"] = CUSTOM_RESOURCE_SCHEMA_TEMPLATE @@ -285,8 +285,8 @@ def _generate_schema(self, spec: Dict[str, Any]) -> Dict[str, Any]: return schema def _generate_resource_schema( - self, name: str, resource: Dict[str, Any], is_custom_property: bool - ) -> Dict[str, Any]: + self, name: str, resource: dict[str, Any], is_custom_property: bool + ) -> dict[str, Any]: """Generate schema for a CloudFormation resource""" properties = resource.get("Properties", {}) required = sorted([prop_name for prop_name, prop in properties.items() if prop.get("Required", False)]) @@ -327,21 +327,21 @@ def _generate_resource_schema( # Add optional policies for specific resources if name in RESOURCES_WITH_CREATION_POLICY: - properties_obj = cast(Dict[str, Any], resource_schema["properties"]) + properties_obj = cast(dict[str, Any], resource_schema["properties"]) properties_obj["CreationPolicy"] = {"type": "object"} if name in RESOURCES_WITH_UPDATE_POLICY: - properties_obj = cast(Dict[str, Any], resource_schema["properties"]) + properties_obj = cast(dict[str, Any], resource_schema["properties"]) properties_obj["UpdatePolicy"] = {"type": "object"} return resource_schema def _generate_property_schema( # noqa: PLR0911 - self, name: str, prop: Dict[str, Any], parent: str - ) -> Dict[str, Any]: + self, name: str, prop: dict[str, Any], parent: str + ) -> dict[str, Any]: """Generate schema for a CloudFormation property""" # Extract resource name from parent (e.g., "AWS::S3::Bucket" from "AWS::S3::Bucket.Property") - resource_name = parent.split(".")[0] if "." in parent else parent + resource_name = parent.split(".", maxsplit=1)[0] if "." in parent else parent # Handle polymorphic properties (simplified) if self._is_polymorphic(prop): @@ -399,7 +399,7 @@ def _generate_property_schema( # noqa: PLR0911 return {"type": "object"} - def _is_polymorphic(self, prop: Dict[str, Any]) -> bool: + def _is_polymorphic(self, prop: dict[str, Any]) -> bool: """Check if property can be multiple different types""" return bool( prop.get("PrimitiveTypes") diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json index cfd2522a3a..f8d81c4e8f 100644 --- a/schema_source/cloudformation-docs.json +++ b/schema_source/cloudformation-docs.json @@ -40596,7 +40596,7 @@ }, "AWS::QuickSight::Analysis ResourcePermission": { "Actions": "The IAM action to grant or revoke permissions on.", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" }, "AWS::QuickSight::Analysis RollingDateConfiguration": { "DataSetIdentifier": "The data set that is used in the rolling date configuration.", @@ -43682,7 +43682,7 @@ }, "AWS::QuickSight::Dashboard ResourcePermission": { "Actions": "The IAM action to grant or revoke permissions on.", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" }, "AWS::QuickSight::Dashboard RollingDateConfiguration": { "DataSetIdentifier": "The data set that is used in the rolling date configuration.", @@ -44504,7 +44504,7 @@ }, "AWS::QuickSight::DataSet ColumnLevelPermissionRule": { "ColumnNames": "An array of column names.", - "Principals": "An array of Amazon Resource Names (ARNs) for Quick Suite users or groups." + "Principals": "An array of Amazon Resource Names (ARNs) for Quick users or groups." }, "AWS::QuickSight::DataSet ColumnTag": { "ColumnDescription": "A description for a column.", @@ -44706,7 +44706,7 @@ "Type": "The type of join that it is." }, "AWS::QuickSight::DataSet JoinKeyProperties": { - "UniqueKey": "A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Quick Suite to optimize query performance." + "UniqueKey": "A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Quick to optimize query performance." }, "AWS::QuickSight::DataSet JoinOperandProperties": { "OutputColumnNameOverrides": "A list of column name overrides to apply to the join operand's output columns." @@ -44813,7 +44813,7 @@ }, "AWS::QuickSight::DataSet ResourcePermission": { "Actions": "The IAM action to grant or revoke permisions on", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" }, "AWS::QuickSight::DataSet RowLevelPermissionConfiguration": { "RowLevelPermissionDataSet": "", @@ -45075,7 +45075,7 @@ }, "AWS::QuickSight::DataSource ResourcePermission": { "Actions": "The IAM action to grant or revoke permissions on.", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "Resource": "" }, "AWS::QuickSight::DataSource S3Parameters": { @@ -45156,7 +45156,7 @@ "DayOfWeek": "The day of the week that you want to schedule the refresh on. This value is required for weekly and monthly refresh intervals." }, "AWS::QuickSight::RefreshSchedule RefreshScheduleMap": { - "RefreshType": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *Quick Suite User Guide* .", + "RefreshType": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *Quick User Guide* .", "ScheduleFrequency": "The frequency for the refresh schedule.", "ScheduleId": "An identifier for the refresh schedule.", "StartAfterDateTime": "Time after which the refresh schedule can be started, expressed in `YYYY-MM-DDTHH:MM:SS` format." @@ -47204,7 +47204,7 @@ }, "AWS::QuickSight::Template ResourcePermission": { "Actions": "The IAM action to grant or revoke permissions on.", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" }, "AWS::QuickSight::Template RollingDateConfiguration": { "DataSetIdentifier": "The data set that is used in the rolling date configuration.", @@ -47993,7 +47993,7 @@ }, "AWS::QuickSight::Theme ResourcePermission": { "Actions": "The IAM action to grant or revoke permissions on.", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" }, "AWS::QuickSight::Theme SheetStyle": { "Tile": "The display options for tiles.", diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index b1cf5918d4..31b99af07c 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -2869,6 +2869,12 @@ "markdownDescription": "A parallel configuration execution block.", "title": "ParallelConfig" }, + "RdsCreateCrossRegionReadReplicaConfig": { + "$ref": "#/definitions/AWS::ARCRegionSwitch::Plan.RdsCreateCrossRegionReplicaConfiguration" + }, + "RdsPromoteReadReplicaConfig": { + "$ref": "#/definitions/AWS::ARCRegionSwitch::Plan.RdsPromoteReadReplicaConfiguration" + }, "RegionSwitchPlanConfig": { "$ref": "#/definitions/AWS::ARCRegionSwitch::Plan.RegionSwitchPlanConfiguration", "markdownDescription": "A Region switch plan execution block.", @@ -3011,6 +3017,60 @@ ], "type": "object" }, + "AWS::ARCRegionSwitch::Plan.RdsCreateCrossRegionReplicaConfiguration": { + "additionalProperties": false, + "properties": { + "CrossAccountRole": { + "type": "string" + }, + "DbInstanceArnMap": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "ExternalId": { + "type": "string" + }, + "TimeoutMinutes": { + "type": "number" + } + }, + "required": [ + "DbInstanceArnMap" + ], + "type": "object" + }, + "AWS::ARCRegionSwitch::Plan.RdsPromoteReadReplicaConfiguration": { + "additionalProperties": false, + "properties": { + "CrossAccountRole": { + "type": "string" + }, + "DbInstanceArnMap": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "ExternalId": { + "type": "string" + }, + "TimeoutMinutes": { + "type": "number" + } + }, + "required": [ + "DbInstanceArnMap" + ], + "type": "object" + }, "AWS::ARCRegionSwitch::Plan.RegionSwitchPlanConfiguration": { "additionalProperties": false, "properties": { @@ -11156,11 +11216,6 @@ "markdownDescription": "Settings for logging access in this stage.", "title": "AccessLogSettings" }, - "AccessPolicyId": { - "markdownDescription": "This parameter is not currently supported.", - "title": "AccessPolicyId", - "type": "string" - }, "ApiId": { "markdownDescription": "The API identifier.", "title": "ApiId", @@ -15110,6 +15165,9 @@ "markdownDescription": "The configuration for where the application should be loaded from.", "title": "ApplicationSourceConfig" }, + "ApplicationType": { + "type": "string" + }, "Description": { "markdownDescription": "The description of the application.", "title": "Description", @@ -15159,7 +15217,6 @@ }, "required": [ "ApplicationSourceConfig", - "Description", "Name", "Namespace" ], @@ -20608,6 +20665,9 @@ "title": "Description", "type": "string" }, + "DisableIMDSV1": { + "type": "boolean" + }, "DisconnectTimeoutInSeconds": { "markdownDescription": "The amount of time that a streaming session remains active after users disconnect. If users try to reconnect to the streaming session after a disconnection or network interruption within this time interval, they are connected to their previous session. Otherwise, they are connected to a new session with a new streaming instance.\n\nSpecify a value between 60 and 36000.", "title": "DisconnectTimeoutInSeconds", @@ -20683,6 +20743,9 @@ "title": "Platform", "type": "string" }, + "RootVolumeConfig": { + "$ref": "#/definitions/AWS::AppStream::Fleet.VolumeConfig" + }, "SessionScriptS3Location": { "$ref": "#/definitions/AWS::AppStream::Fleet.S3Location", "markdownDescription": "The S3 location of the session scripts configuration zip file. This only applies to Elastic fleets.", @@ -20794,6 +20857,15 @@ ], "type": "object" }, + "AWS::AppStream::Fleet.VolumeConfig": { + "additionalProperties": false, + "properties": { + "VolumeSizeInGb": { + "type": "number" + } + }, + "type": "object" + }, "AWS::AppStream::Fleet.VpcConfig": { "additionalProperties": false, "properties": { @@ -20909,6 +20981,21 @@ "title": "Name", "type": "string" }, + "RootVolumeConfig": { + "$ref": "#/definitions/AWS::AppStream::ImageBuilder.VolumeConfig" + }, + "SoftwaresToInstall": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SoftwaresToUninstall": { + "items": { + "type": "string" + }, + "type": "array" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -20986,6 +21073,15 @@ }, "type": "object" }, + "AWS::AppStream::ImageBuilder.VolumeConfig": { + "additionalProperties": false, + "properties": { + "VolumeSizeInGb": { + "type": "number" + } + }, + "type": "object" + }, "AWS::AppStream::ImageBuilder.VpcConfig": { "additionalProperties": false, "properties": { @@ -27535,6 +27631,12 @@ "markdownDescription": "The EC2 instance capacity distribution across Availability Zones for the Auto Scaling group.", "title": "AvailabilityZoneDistribution" }, + "AvailabilityZoneIds": { + "items": { + "type": "string" + }, + "type": "array" + }, "AvailabilityZoneImpairmentPolicy": { "$ref": "#/definitions/AWS::AutoScaling::AutoScalingGroup.AvailabilityZoneImpairmentPolicy", "markdownDescription": "The Availability Zone impairment policy for the Auto Scaling group.", @@ -31255,6 +31357,9 @@ "title": "S3Bucket", "type": "string" }, + "S3BucketOwner": { + "type": "string" + }, "S3OutputConfigurations": { "$ref": "#/definitions/AWS::BCMDataExports::Export.S3OutputConfigurations", "markdownDescription": "The output configuration for the data export.", @@ -33121,6 +33226,9 @@ "title": "PlacementGroup", "type": "string" }, + "ScalingPolicy": { + "$ref": "#/definitions/AWS::Batch::ComputeEnvironment.ComputeScalingPolicy" + }, "SecurityGroupIds": { "items": { "type": "string" @@ -33171,9 +33279,21 @@ ], "type": "object" }, + "AWS::Batch::ComputeEnvironment.ComputeScalingPolicy": { + "additionalProperties": false, + "properties": { + "MinScaleDownDelayMinutes": { + "type": "number" + } + }, + "type": "object" + }, "AWS::Batch::ComputeEnvironment.Ec2ConfigurationObject": { "additionalProperties": false, "properties": { + "BatchImageStatus": { + "type": "string" + }, "ImageIdOverride": { "markdownDescription": "The AMI ID used for instances launched in the compute environment that match the image type. This setting overrides the `imageId` set in the `computeResource` object.\n\n> The AMI that you choose for a compute environment must match the architecture of the instance types that you intend to use for that compute environment. For example, if your compute environment uses A1 instance types, the compute resource AMI that you choose must support ARM instances. Amazon ECS vends both x86 and ARM versions of the Amazon ECS-optimized Amazon Linux 2 AMI. For more information, see [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#ecs-optimized-ami-linux-variants.html) in the *Amazon Elastic Container Service Developer Guide* .", "title": "ImageIdOverride", @@ -35271,7 +35391,7 @@ ], "type": "object" }, - "AWS::Batch::SchedulingPolicy": { + "AWS::Batch::QuotaShare": { "additionalProperties": false, "properties": { "Condition": { @@ -35306,33 +35426,49 @@ "Properties": { "additionalProperties": false, "properties": { - "FairsharePolicy": { - "$ref": "#/definitions/AWS::Batch::SchedulingPolicy.FairsharePolicy", - "markdownDescription": "The fair-share scheduling policy details.", - "title": "FairsharePolicy" + "CapacityLimits": { + "items": { + "$ref": "#/definitions/AWS::Batch::QuotaShare.QuotaShareCapacityLimit" + }, + "type": "array" }, - "Name": { - "markdownDescription": "The name of the fair-share scheduling policy. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).", - "title": "Name", + "JobQueue": { + "type": "string" + }, + "PreemptionConfiguration": { + "$ref": "#/definitions/AWS::Batch::QuotaShare.QuotaSharePreemptionConfiguration" + }, + "QuotaShareName": { + "type": "string" + }, + "ResourceSharingConfiguration": { + "$ref": "#/definitions/AWS::Batch::QuotaShare.QuotaShareResourceSharingConfiguration" + }, + "State": { "type": "string" }, "Tags": { "additionalProperties": true, - "markdownDescription": "The tags that you apply to the scheduling policy to help you categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in *AWS General Reference* .\n\nThese tags can be updated or removed using the [TagResource](https://docs.aws.amazon.com/batch/latest/APIReference/API_TagResource.html) and [UntagResource](https://docs.aws.amazon.com/batch/latest/APIReference/API_UntagResource.html) API operations.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" } }, - "title": "Tags", "type": "object" } }, + "required": [ + "CapacityLimits", + "JobQueue", + "PreemptionConfiguration", + "QuotaShareName", + "ResourceSharingConfiguration" + ], "type": "object" }, "Type": { "enum": [ - "AWS::Batch::SchedulingPolicy" + "AWS::Batch::QuotaShare" ], "type": "string" }, @@ -35346,51 +35482,55 @@ } }, "required": [ - "Type" + "Type", + "Properties" ], "type": "object" }, - "AWS::Batch::SchedulingPolicy.FairsharePolicy": { + "AWS::Batch::QuotaShare.QuotaShareCapacityLimit": { "additionalProperties": false, "properties": { - "ComputeReservation": { - "markdownDescription": "A value used to reserve some of the available maximum vCPU for share identifiers that aren't already used.\n\nThe reserved ratio is `( *computeReservation* /100)^ *ActiveFairShares*` where `*ActiveFairShares*` is the number of active share identifiers.\n\nFor example, a `computeReservation` value of 50 indicates that AWS Batch reserves 50% of the maximum available vCPU if there's only one share identifier. It reserves 25% if there are two share identifiers. It reserves 12.5% if there are three share identifiers. A `computeReservation` value of 25 indicates that AWS Batch should reserve 25% of the maximum available vCPU if there's only one share identifier, 6.25% if there are two fair share identifiers, and 1.56% if there are three share identifiers.\n\nThe minimum value is 0 and the maximum value is 99.", - "title": "ComputeReservation", - "type": "number" + "CapacityUnit": { + "type": "string" }, - "ShareDecaySeconds": { - "markdownDescription": "The amount of time (in seconds) to use to calculate a fair-share percentage for each share identifier in use. A value of zero (0) indicates the default minimum time window (600 seconds). The maximum supported value is 604800 (1 week).\n\nThe decay allows for more recently run jobs to have more weight than jobs that ran earlier. Consider adjusting this number if you have jobs that (on average) run longer than ten minutes, or a large difference in job count or job run times between share identifiers, and the allocation of resources doesn't meet your needs.", - "title": "ShareDecaySeconds", + "MaxCapacity": { "type": "number" - }, - "ShareDistribution": { - "items": { - "$ref": "#/definitions/AWS::Batch::SchedulingPolicy.ShareAttributes" - }, - "markdownDescription": "An array of `SharedIdentifier` objects that contain the weights for the share identifiers for the fair-share policy. Share identifiers that aren't included have a default weight of `1.0` .", - "title": "ShareDistribution", - "type": "array" } }, + "required": [ + "CapacityUnit", + "MaxCapacity" + ], "type": "object" }, - "AWS::Batch::SchedulingPolicy.ShareAttributes": { + "AWS::Batch::QuotaShare.QuotaSharePreemptionConfiguration": { "additionalProperties": false, "properties": { - "ShareIdentifier": { - "markdownDescription": "A share identifier or share identifier prefix. If the string ends with an asterisk (*), this entry specifies the weight factor to use for share identifiers that start with that prefix. The list of share identifiers in a fair-share policy can't overlap. For example, you can't have one that specifies a `shareIdentifier` of `UserA*` and another that specifies a `shareIdentifier` of `UserA1` .\n\nThere can be no more than 500 share identifiers active in a job queue.\n\nThe string is limited to 255 alphanumeric characters, and can be followed by an asterisk (*).", - "title": "ShareIdentifier", + "InSharePreemption": { "type": "string" - }, - "WeightFactor": { - "markdownDescription": "The weight factor for the share identifier. The default value is 1.0. A lower value has a higher priority for compute resources. For example, jobs that use a share identifier with a weight factor of 0.125 (1/8) get 8 times the compute resources of jobs that use a share identifier with a weight factor of 1.\n\nThe smallest supported value is 0.0001, and the largest supported value is 999.9999.", - "title": "WeightFactor", + } + }, + "required": [ + "InSharePreemption" + ], + "type": "object" + }, + "AWS::Batch::QuotaShare.QuotaShareResourceSharingConfiguration": { + "additionalProperties": false, + "properties": { + "BorrowLimit": { "type": "number" + }, + "Strategy": { + "type": "string" } }, + "required": [ + "Strategy" + ], "type": "object" }, - "AWS::Batch::ServiceEnvironment": { + "AWS::Batch::SchedulingPolicy": { "additionalProperties": false, "properties": { "Condition": { @@ -35425,32 +35565,22 @@ "Properties": { "additionalProperties": false, "properties": { - "CapacityLimits": { - "items": { - "$ref": "#/definitions/AWS::Batch::ServiceEnvironment.CapacityLimit" - }, - "markdownDescription": "The capacity limits for the service environment. This defines the maximum resources that can be used by service jobs in this environment.", - "title": "CapacityLimits", - "type": "array" - }, - "ServiceEnvironmentName": { - "markdownDescription": "The name of the service environment.", - "title": "ServiceEnvironmentName", - "type": "string" + "FairsharePolicy": { + "$ref": "#/definitions/AWS::Batch::SchedulingPolicy.FairsharePolicy", + "markdownDescription": "The fair-share scheduling policy details.", + "title": "FairsharePolicy" }, - "ServiceEnvironmentType": { - "markdownDescription": "The type of service environment. For SageMaker Training jobs, this value is `SAGEMAKER_TRAINING` .", - "title": "ServiceEnvironmentType", + "Name": { + "markdownDescription": "The name of the fair-share scheduling policy. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).", + "title": "Name", "type": "string" }, - "State": { - "markdownDescription": "The state of the service environment. Valid values are `ENABLED` and `DISABLED` .", - "title": "State", - "type": "string" + "QuotaSharePolicy": { + "$ref": "#/definitions/AWS::Batch::SchedulingPolicy.QuotaSharePolicy" }, "Tags": { "additionalProperties": true, - "markdownDescription": "The tags associated with the service environment. Each tag consists of a key and an optional value. For more information, see [Tagging your AWS Batch resources](https://docs.aws.amazon.com/batch/latest/userguide/using-tags.html) .", + "markdownDescription": "The tags that you apply to the scheduling policy to help you categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in *AWS General Reference* .\n\nThese tags can be updated or removed using the [TagResource](https://docs.aws.amazon.com/batch/latest/APIReference/API_TagResource.html) and [UntagResource](https://docs.aws.amazon.com/batch/latest/APIReference/API_UntagResource.html) API operations.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -35460,15 +35590,11 @@ "type": "object" } }, - "required": [ - "CapacityLimits", - "ServiceEnvironmentType" - ], "type": "object" }, "Type": { "enum": [ - "AWS::Batch::ServiceEnvironment" + "AWS::Batch::SchedulingPolicy" ], "type": "string" }, @@ -35482,28 +35608,261 @@ } }, "required": [ - "Type", - "Properties" + "Type" ], "type": "object" }, - "AWS::Batch::ServiceEnvironment.CapacityLimit": { + "AWS::Batch::SchedulingPolicy.FairsharePolicy": { "additionalProperties": false, "properties": { - "CapacityUnit": { - "markdownDescription": "The unit of measure for the capacity limit. This defines how the maxCapacity value should be interpreted. For `SAGEMAKER_TRAINING` jobs, use `NUM_INSTANCES` .", - "title": "CapacityUnit", + "ComputeReservation": { + "markdownDescription": "A value used to reserve some of the available maximum vCPU for share identifiers that aren't already used.\n\nThe reserved ratio is `( *computeReservation* /100)^ *ActiveFairShares*` where `*ActiveFairShares*` is the number of active share identifiers.\n\nFor example, a `computeReservation` value of 50 indicates that AWS Batch reserves 50% of the maximum available vCPU if there's only one share identifier. It reserves 25% if there are two share identifiers. It reserves 12.5% if there are three share identifiers. A `computeReservation` value of 25 indicates that AWS Batch should reserve 25% of the maximum available vCPU if there's only one share identifier, 6.25% if there are two fair share identifiers, and 1.56% if there are three share identifiers.\n\nThe minimum value is 0 and the maximum value is 99.", + "title": "ComputeReservation", + "type": "number" + }, + "ShareDecaySeconds": { + "markdownDescription": "The amount of time (in seconds) to use to calculate a fair-share percentage for each share identifier in use. A value of zero (0) indicates the default minimum time window (600 seconds). The maximum supported value is 604800 (1 week).\n\nThe decay allows for more recently run jobs to have more weight than jobs that ran earlier. Consider adjusting this number if you have jobs that (on average) run longer than ten minutes, or a large difference in job count or job run times between share identifiers, and the allocation of resources doesn't meet your needs.", + "title": "ShareDecaySeconds", + "type": "number" + }, + "ShareDistribution": { + "items": { + "$ref": "#/definitions/AWS::Batch::SchedulingPolicy.ShareAttributes" + }, + "markdownDescription": "An array of `SharedIdentifier` objects that contain the weights for the share identifiers for the fair-share policy. Share identifiers that aren't included have a default weight of `1.0` .", + "title": "ShareDistribution", + "type": "array" + } + }, + "type": "object" + }, + "AWS::Batch::SchedulingPolicy.QuotaSharePolicy": { + "additionalProperties": false, + "properties": { + "IdleResourceAssignmentStrategy": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Batch::SchedulingPolicy.ShareAttributes": { + "additionalProperties": false, + "properties": { + "ShareIdentifier": { + "markdownDescription": "A share identifier or share identifier prefix. If the string ends with an asterisk (*), this entry specifies the weight factor to use for share identifiers that start with that prefix. The list of share identifiers in a fair-share policy can't overlap. For example, you can't have one that specifies a `shareIdentifier` of `UserA*` and another that specifies a `shareIdentifier` of `UserA1` .\n\nThere can be no more than 500 share identifiers active in a job queue.\n\nThe string is limited to 255 alphanumeric characters, and can be followed by an asterisk (*).", + "title": "ShareIdentifier", "type": "string" }, - "MaxCapacity": { - "markdownDescription": "The maximum capacity available for the service environment. This value represents the maximum amount resources that can be allocated to service jobs.\n\nFor example, `maxCapacity=50` , `capacityUnit=NUM_INSTANCES` . This indicates that the maximum number of instances that can be run on this service environment is 50. You could then run 5 SageMaker Training jobs that each use 10 instances. However, if you submit another job that requires 10 instances, it will wait in the queue.", - "title": "MaxCapacity", + "WeightFactor": { + "markdownDescription": "The weight factor for the share identifier. The default value is 1.0. A lower value has a higher priority for compute resources. For example, jobs that use a share identifier with a weight factor of 0.125 (1/8) get 8 times the compute resources of jobs that use a share identifier with a weight factor of 1.\n\nThe smallest supported value is 0.0001, and the largest supported value is 999.9999.", + "title": "WeightFactor", "type": "number" } }, "type": "object" }, - "AWS::Bedrock::Agent": { + "AWS::Batch::ServiceEnvironment": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "CapacityLimits": { + "items": { + "$ref": "#/definitions/AWS::Batch::ServiceEnvironment.CapacityLimit" + }, + "markdownDescription": "The capacity limits for the service environment. This defines the maximum resources that can be used by service jobs in this environment.", + "title": "CapacityLimits", + "type": "array" + }, + "ServiceEnvironmentName": { + "markdownDescription": "The name of the service environment.", + "title": "ServiceEnvironmentName", + "type": "string" + }, + "ServiceEnvironmentType": { + "markdownDescription": "The type of service environment. For SageMaker Training jobs, this value is `SAGEMAKER_TRAINING` .", + "title": "ServiceEnvironmentType", + "type": "string" + }, + "State": { + "markdownDescription": "The state of the service environment. Valid values are `ENABLED` and `DISABLED` .", + "title": "State", + "type": "string" + }, + "Tags": { + "additionalProperties": true, + "markdownDescription": "The tags associated with the service environment. Each tag consists of a key and an optional value. For more information, see [Tagging your AWS Batch resources](https://docs.aws.amazon.com/batch/latest/userguide/using-tags.html) .", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "title": "Tags", + "type": "object" + } + }, + "required": [ + "CapacityLimits", + "ServiceEnvironmentType" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Batch::ServiceEnvironment" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Batch::ServiceEnvironment.CapacityLimit": { + "additionalProperties": false, + "properties": { + "CapacityUnit": { + "markdownDescription": "The unit of measure for the capacity limit. This defines how the maxCapacity value should be interpreted. For `SAGEMAKER_TRAINING` jobs, use `NUM_INSTANCES` .", + "title": "CapacityUnit", + "type": "string" + }, + "MaxCapacity": { + "markdownDescription": "The maximum capacity available for the service environment. This value represents the maximum amount resources that can be allocated to service jobs.\n\nFor example, `maxCapacity=50` , `capacityUnit=NUM_INSTANCES` . This indicates that the maximum number of instances that can be run on this service environment is 50. You could then run 5 SageMaker Training jobs that each use 10 instances. However, if you submit another job that requires 10 instances, it will wait in the queue.", + "title": "MaxCapacity", + "type": "number" + } + }, + "type": "object" + }, + "AWS::BcmPricingCalculator::BillScenario": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "CostCategoryGroupSharingPreferenceArn": { + "type": "string" + }, + "ExpiresAt": { + "type": "string" + }, + "GroupSharingPreference": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BcmPricingCalculator::BillScenario" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::BcmPricingCalculator::BillScenario.BillInterval": { + "additionalProperties": false, + "properties": { + "End": { + "type": "string" + }, + "Start": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Bedrock::Agent": { "additionalProperties": false, "properties": { "Condition": { @@ -36760,6 +37119,119 @@ ], "type": "object" }, + "AWS::Bedrock::DataAutomationLibrary": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "EncryptionConfiguration": { + "$ref": "#/definitions/AWS::Bedrock::DataAutomationLibrary.EncryptionConfiguration" + }, + "LibraryDescription": { + "type": "string" + }, + "LibraryName": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "LibraryName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Bedrock::DataAutomationLibrary" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Bedrock::DataAutomationLibrary.EncryptionConfiguration": { + "additionalProperties": false, + "properties": { + "KmsEncryptionContext": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "KmsKeyId": { + "type": "string" + } + }, + "required": [ + "KmsKeyId" + ], + "type": "object" + }, + "AWS::Bedrock::DataAutomationLibrary.EntityTypeInfo": { + "additionalProperties": false, + "properties": { + "EntityMetadata": { + "type": "string" + }, + "EntityType": { + "type": "string" + } + }, + "required": [ + "EntityType" + ], + "type": "object" + }, "AWS::Bedrock::DataAutomationProject": { "additionalProperties": false, "properties": { @@ -38534,6 +39006,115 @@ ], "type": "object" }, + "AWS::Bedrock::EnforcedGuardrailConfiguration": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "GuardrailIdentifier": { + "type": "string" + }, + "GuardrailVersion": { + "type": "string" + }, + "ModelEnforcement": { + "$ref": "#/definitions/AWS::Bedrock::EnforcedGuardrailConfiguration.ModelEnforcement" + }, + "SelectiveContentGuarding": { + "$ref": "#/definitions/AWS::Bedrock::EnforcedGuardrailConfiguration.SelectiveContentGuarding" + } + }, + "required": [ + "GuardrailIdentifier", + "GuardrailVersion" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Bedrock::EnforcedGuardrailConfiguration" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Bedrock::EnforcedGuardrailConfiguration.ModelEnforcement": { + "additionalProperties": false, + "properties": { + "ExcludedModels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IncludedModels": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "ExcludedModels", + "IncludedModels" + ], + "type": "object" + }, + "AWS::Bedrock::EnforcedGuardrailConfiguration.SelectiveContentGuarding": { + "additionalProperties": false, + "properties": { + "Messages": { + "type": "string" + }, + "System": { + "type": "string" + } + }, + "type": "object" + }, "AWS::Bedrock::Flow": { "additionalProperties": false, "properties": { @@ -43630,7 +44211,7 @@ ], "type": "object" }, - "AWS::BedrockAgentCore::BrowserCustom": { + "AWS::Bedrock::ResourcePolicy": { "additionalProperties": false, "properties": { "Condition": { @@ -43665,57 +44246,22 @@ "Properties": { "additionalProperties": false, "properties": { - "BrowserSigning": { - "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.BrowserSigning", - "markdownDescription": "", - "title": "BrowserSigning" - }, - "Description": { - "markdownDescription": "The custom browser.", - "title": "Description", - "type": "string" - }, - "ExecutionRoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the execution role.", - "title": "ExecutionRoleArn", - "type": "string" + "PolicyDocument": { + "type": "object" }, - "Name": { - "markdownDescription": "The name of the custom browser.", - "title": "Name", + "ResourceArn": { "type": "string" - }, - "NetworkConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.BrowserNetworkConfiguration", - "markdownDescription": "The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.", - "title": "NetworkConfiguration" - }, - "RecordingConfig": { - "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.RecordingConfig", - "markdownDescription": "THe custom browser configuration.", - "title": "RecordingConfig" - }, - "Tags": { - "additionalProperties": true, - "markdownDescription": "The tags for the custom browser.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "type": "string" - } - }, - "title": "Tags", - "type": "object" } }, "required": [ - "Name", - "NetworkConfiguration" + "PolicyDocument", + "ResourceArn" ], "type": "object" }, "Type": { "enum": [ - "AWS::BedrockAgentCore::BrowserCustom" + "AWS::Bedrock::ResourcePolicy" ], "type": "string" }, @@ -43734,99 +44280,366 @@ ], "type": "object" }, - "AWS::BedrockAgentCore::BrowserCustom.BrowserNetworkConfiguration": { + "AWS::BedrockAgentCore::ApiKeyCredentialProvider": { "additionalProperties": false, "properties": { - "NetworkMode": { - "markdownDescription": "The network mode.", - "title": "NetworkMode", + "Condition": { "type": "string" }, - "VpcConfig": { - "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.VpcConfig", - "markdownDescription": "", - "title": "VpcConfig" - } - }, - "required": [ - "NetworkMode" - ], - "type": "object" - }, - "AWS::BedrockAgentCore::BrowserCustom.BrowserSigning": { - "additionalProperties": false, - "properties": { - "Enabled": { - "markdownDescription": "", - "title": "Enabled", - "type": "boolean" - } - }, - "type": "object" - }, - "AWS::BedrockAgentCore::BrowserCustom.RecordingConfig": { - "additionalProperties": false, - "properties": { - "Enabled": { - "markdownDescription": "The recording configuration for a browser. This structure defines how browser sessions are recorded.", - "title": "Enabled", - "type": "boolean" + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" }, - "S3Location": { - "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.S3Location", - "markdownDescription": "The S3 location.", - "title": "S3Location" - } - }, - "type": "object" - }, - "AWS::BedrockAgentCore::BrowserCustom.S3Location": { - "additionalProperties": false, - "properties": { - "Bucket": { - "markdownDescription": "The S3 location bucket name.", - "title": "Bucket", + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ApiKey": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::ApiKeyCredentialProvider" + ], "type": "string" }, - "Prefix": { - "markdownDescription": "The S3 location object prefix.", - "title": "Prefix", + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], "type": "string" } }, "required": [ - "Bucket", - "Prefix" + "Type", + "Properties" ], "type": "object" }, - "AWS::BedrockAgentCore::BrowserCustom.VpcConfig": { + "AWS::BedrockAgentCore::ApiKeyCredentialProvider.ApiKeySecretArn": { "additionalProperties": false, "properties": { - "SecurityGroups": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "SecurityGroups", - "type": "array" - }, - "Subnets": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "Subnets", - "type": "array" + "SecretArn": { + "type": "string" } }, "required": [ - "SecurityGroups", - "Subnets" + "SecretArn" ], "type": "object" }, - "AWS::BedrockAgentCore::CodeInterpreterCustom": { + "AWS::BedrockAgentCore::BrowserCustom": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "BrowserSigning": { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.BrowserSigning", + "markdownDescription": "", + "title": "BrowserSigning" + }, + "Description": { + "markdownDescription": "The custom browser.", + "title": "Description", + "type": "string" + }, + "ExecutionRoleArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the execution role.", + "title": "ExecutionRoleArn", + "type": "string" + }, + "Name": { + "markdownDescription": "The name of the custom browser.", + "title": "Name", + "type": "string" + }, + "NetworkConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.BrowserNetworkConfiguration", + "markdownDescription": "The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.", + "title": "NetworkConfiguration" + }, + "RecordingConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.RecordingConfig", + "markdownDescription": "THe custom browser configuration.", + "title": "RecordingConfig" + }, + "Tags": { + "additionalProperties": true, + "markdownDescription": "The tags for the custom browser.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "title": "Tags", + "type": "object" + } + }, + "required": [ + "Name", + "NetworkConfiguration" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::BrowserCustom" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserCustom.BrowserNetworkConfiguration": { + "additionalProperties": false, + "properties": { + "NetworkMode": { + "markdownDescription": "The network mode.", + "title": "NetworkMode", + "type": "string" + }, + "VpcConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.VpcConfig", + "markdownDescription": "", + "title": "VpcConfig" + } + }, + "required": [ + "NetworkMode" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserCustom.BrowserSigning": { + "additionalProperties": false, + "properties": { + "Enabled": { + "markdownDescription": "", + "title": "Enabled", + "type": "boolean" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserCustom.RecordingConfig": { + "additionalProperties": false, + "properties": { + "Enabled": { + "markdownDescription": "The recording configuration for a browser. This structure defines how browser sessions are recorded.", + "title": "Enabled", + "type": "boolean" + }, + "S3Location": { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom.S3Location", + "markdownDescription": "The S3 location.", + "title": "S3Location" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserCustom.S3Location": { + "additionalProperties": false, + "properties": { + "Bucket": { + "markdownDescription": "The S3 location bucket name.", + "title": "Bucket", + "type": "string" + }, + "Prefix": { + "markdownDescription": "The S3 location object prefix.", + "title": "Prefix", + "type": "string" + } + }, + "required": [ + "Bucket", + "Prefix" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserCustom.VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroups": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "SecurityGroups", + "type": "array" + }, + "Subnets": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "Subnets", + "type": "array" + } + }, + "required": [ + "SecurityGroups", + "Subnets" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::BrowserProfile": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::BrowserProfile" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::CodeInterpreterCustom": { "additionalProperties": false, "properties": { "Condition": { @@ -43965,6 +44778,246 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::Evaluator": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "EvaluatorConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.EvaluatorConfig" + }, + "EvaluatorName": { + "type": "string" + }, + "Level": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "EvaluatorConfig", + "EvaluatorName", + "Level" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::Evaluator" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.BedrockEvaluatorModelConfig": { + "additionalProperties": false, + "properties": { + "AdditionalModelRequestFields": { + "type": "object" + }, + "InferenceConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.InferenceConfiguration" + }, + "ModelId": { + "type": "string" + } + }, + "required": [ + "ModelId" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.CategoricalScaleDefinition": { + "additionalProperties": false, + "properties": { + "Definition": { + "type": "string" + }, + "Label": { + "type": "string" + } + }, + "required": [ + "Definition", + "Label" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.CodeBasedEvaluatorConfig": { + "additionalProperties": false, + "properties": { + "LambdaConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.LambdaEvaluatorConfig" + } + }, + "required": [ + "LambdaConfig" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.EvaluatorConfig": { + "additionalProperties": false, + "properties": { + "CodeBased": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.CodeBasedEvaluatorConfig" + }, + "LlmAsAJudge": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.LlmAsAJudgeEvaluatorConfig" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.EvaluatorModelConfig": { + "additionalProperties": false, + "properties": { + "BedrockEvaluatorModelConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.BedrockEvaluatorModelConfig" + } + }, + "required": [ + "BedrockEvaluatorModelConfig" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.InferenceConfiguration": { + "additionalProperties": false, + "properties": { + "MaxTokens": { + "type": "number" + }, + "Temperature": { + "type": "number" + }, + "TopP": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.LambdaEvaluatorConfig": { + "additionalProperties": false, + "properties": { + "LambdaArn": { + "type": "string" + }, + "LambdaTimeoutInSeconds": { + "type": "number" + } + }, + "required": [ + "LambdaArn" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.LlmAsAJudgeEvaluatorConfig": { + "additionalProperties": false, + "properties": { + "Instructions": { + "type": "string" + }, + "ModelConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.EvaluatorModelConfig" + }, + "RatingScale": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.RatingScale" + } + }, + "required": [ + "Instructions", + "ModelConfig", + "RatingScale" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.NumericalScaleDefinition": { + "additionalProperties": false, + "properties": { + "Definition": { + "type": "string" + }, + "Label": { + "type": "string" + }, + "Value": { + "type": "number" + } + }, + "required": [ + "Definition", + "Label", + "Value" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Evaluator.RatingScale": { + "additionalProperties": false, + "properties": { + "Categorical": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.CategoricalScaleDefinition" + }, + "type": "array" + }, + "Numerical": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator.NumericalScaleDefinition" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::BedrockAgentCore::Gateway": { "additionalProperties": false, "properties": { @@ -44038,6 +45091,9 @@ "title": "Name", "type": "string" }, + "PolicyEngineConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Gateway.GatewayPolicyEngineConfiguration" + }, "ProtocolConfiguration": { "$ref": "#/definitions/AWS::BedrockAgentCore::Gateway.GatewayProtocolConfiguration", "markdownDescription": "The protocol configuration for the gateway target.", @@ -44247,6 +45303,22 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::Gateway.GatewayPolicyEngineConfiguration": { + "additionalProperties": false, + "properties": { + "Arn": { + "type": "string" + }, + "Mode": { + "type": "string" + } + }, + "required": [ + "Arn", + "Mode" + ], + "type": "object" + }, "AWS::BedrockAgentCore::Gateway.GatewayProtocolConfiguration": { "additionalProperties": false, "properties": { @@ -44573,6 +45645,9 @@ "markdownDescription": "The API key credential provider.", "title": "ApiKeyCredentialProvider" }, + "IamCredentialProvider": { + "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.IamCredentialProvider" + }, "OauthCredentialProvider": { "$ref": "#/definitions/AWS::BedrockAgentCore::GatewayTarget.OAuthCredentialProvider", "markdownDescription": "The OAuth credential provider for the gateway target.", @@ -44600,6 +45675,21 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::GatewayTarget.IamCredentialProvider": { + "additionalProperties": false, + "properties": { + "Region": { + "type": "string" + }, + "Service": { + "type": "string" + } + }, + "required": [ + "Service" + ], + "type": "object" + }, "AWS::BedrockAgentCore::GatewayTarget.McpLambdaTargetConfiguration": { "additionalProperties": false, "properties": { @@ -44928,6 +46018,9 @@ "title": "Name", "type": "string" }, + "StreamDeliveryResources": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Memory.StreamDeliveryResources" + }, "Tags": { "additionalProperties": true, "markdownDescription": "The tags for the resources.", @@ -44967,6 +46060,21 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::Memory.ContentConfiguration": { + "additionalProperties": false, + "properties": { + "Level": { + "type": "string" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, "AWS::BedrockAgentCore::Memory.CustomConfigurationInput": { "additionalProperties": false, "properties": { @@ -45021,6 +46129,12 @@ "title": "Name", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45073,6 +46187,12 @@ "title": "Name", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45186,6 +46306,12 @@ "title": "ModelId", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45204,6 +46330,12 @@ "AWS::BedrockAgentCore::Memory.EpisodicReflectionConfigurationInput": { "additionalProperties": false, "properties": { + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45213,9 +46345,6 @@ "type": "array" } }, - "required": [ - "Namespaces" - ], "type": "object" }, "AWS::BedrockAgentCore::Memory.InvocationConfigurationInput": { @@ -45234,6 +46363,25 @@ }, "type": "object" }, + "AWS::BedrockAgentCore::Memory.KinesisResource": { + "additionalProperties": false, + "properties": { + "ContentConfigurations": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Memory.ContentConfiguration" + }, + "type": "array" + }, + "DataStreamArn": { + "type": "string" + } + }, + "required": [ + "ContentConfigurations", + "DataStreamArn" + ], + "type": "object" + }, "AWS::BedrockAgentCore::Memory.MemoryStrategy": { "additionalProperties": false, "properties": { @@ -45318,6 +46466,12 @@ "title": "Name", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45408,6 +46562,30 @@ ], "type": "object" }, + "AWS::BedrockAgentCore::Memory.StreamDeliveryResource": { + "additionalProperties": false, + "properties": { + "Kinesis": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Memory.KinesisResource" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Memory.StreamDeliveryResources": { + "additionalProperties": false, + "properties": { + "Resources": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Memory.StreamDeliveryResource" + }, + "type": "array" + } + }, + "required": [ + "Resources" + ], + "type": "object" + }, "AWS::BedrockAgentCore::Memory.SummaryMemoryStrategy": { "additionalProperties": false, "properties": { @@ -45426,6 +46604,12 @@ "title": "Name", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45552,6 +46736,12 @@ "title": "Name", "type": "string" }, + "NamespaceTemplates": { + "items": { + "type": "string" + }, + "type": "array" + }, "Namespaces": { "items": { "type": "string" @@ -45642,7 +46832,7 @@ ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider": { "additionalProperties": false, "properties": { "Condition": { @@ -45677,85 +46867,31 @@ "Properties": { "additionalProperties": false, "properties": { - "AgentRuntimeArtifact": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AgentRuntimeArtifact", - "markdownDescription": "The artifact of the agent.", - "title": "AgentRuntimeArtifact" - }, - "AgentRuntimeName": { - "markdownDescription": "The name of the AgentCore Runtime endpoint.", - "title": "AgentRuntimeName", - "type": "string" - }, - "AuthorizerConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AuthorizerConfiguration", - "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", - "title": "AuthorizerConfiguration" - }, - "Description": { - "markdownDescription": "The agent runtime description.", - "title": "Description", + "CredentialProviderVendor": { "type": "string" }, - "EnvironmentVariables": { - "additionalProperties": true, - "markdownDescription": "The environment variables for the agent.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "type": "string" - } - }, - "title": "EnvironmentVariables", - "type": "object" - }, - "LifecycleConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.LifecycleConfiguration", - "markdownDescription": "", - "title": "LifecycleConfiguration" - }, - "NetworkConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.NetworkConfiguration", - "markdownDescription": "The network configuration.", - "title": "NetworkConfiguration" - }, - "ProtocolConfiguration": { - "markdownDescription": "The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.", - "title": "ProtocolConfiguration", + "Name": { "type": "string" }, - "RequestHeaderConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.RequestHeaderConfiguration", - "markdownDescription": "", - "title": "RequestHeaderConfiguration" - }, - "RoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) for for the role.", - "title": "RoleArn", - "type": "string" + "Oauth2ProviderConfigInput": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2ProviderConfigInput" }, "Tags": { - "additionalProperties": true, - "markdownDescription": "The tags for the agent.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "type": "string" - } + "items": { + "$ref": "#/definitions/Tag" }, - "title": "Tags", - "type": "object" + "type": "array" } }, "required": [ - "AgentRuntimeArtifact", - "AgentRuntimeName", - "NetworkConfiguration", - "RoleArn" + "CredentialProviderVendor", + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::BedrockAgentCore::Runtime" + "AWS::BedrockAgentCore::OAuth2CredentialProvider" ], "type": "string" }, @@ -45774,295 +46910,1129 @@ ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.AgentRuntimeArtifact": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.AtlassianOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "CodeConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CodeConfiguration", - "markdownDescription": "", - "title": "CodeConfiguration" + "ClientId": { + "type": "string" }, - "ContainerConfiguration": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.ContainerConfiguration", - "markdownDescription": "Representation of a container configuration.", - "title": "ContainerConfiguration" + "ClientSecret": { + "type": "string" } }, + "required": [ + "ClientId", + "ClientSecret" + ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.AuthorizerConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.ClientSecretArn": { "additionalProperties": false, "properties": { - "CustomJWTAuthorizer": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CustomJWTAuthorizerConfiguration", - "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", - "title": "CustomJWTAuthorizer" + "SecretArn": { + "type": "string" } }, + "required": [ + "SecretArn" + ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.AuthorizingClaimMatchValueType": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.CustomOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "ClaimMatchOperator": { + "ClientId": { "type": "string" }, - "ClaimMatchValue": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.ClaimMatchValueType" + "ClientSecret": { + "type": "string" + }, + "OauthDiscovery": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2Discovery" } }, "required": [ - "ClaimMatchOperator", - "ClaimMatchValue" + "ClientId", + "ClientSecret", + "OauthDiscovery" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.ClaimMatchValueType": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.GithubOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "MatchValueString": { + "ClientId": { "type": "string" }, - "MatchValueStringList": { - "items": { - "type": "string" - }, - "type": "array" + "ClientSecret": { + "type": "string" } }, + "required": [ + "ClientId", + "ClientSecret" + ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.Code": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.GoogleOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "S3": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.S3Location", - "markdownDescription": "", - "title": "S3" + "ClientId": { + "type": "string" + }, + "ClientSecret": { + "type": "string" } }, + "required": [ + "ClientId", + "ClientSecret" + ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.CodeConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.IncludedOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "Code": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.Code", - "markdownDescription": "", - "title": "Code" + "AuthorizationEndpoint": { + "type": "string" }, - "EntryPoint": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "EntryPoint", - "type": "array" + "ClientId": { + "type": "string" }, - "Runtime": { - "markdownDescription": "", - "title": "Runtime", + "ClientSecret": { + "type": "string" + }, + "Issuer": { + "type": "string" + }, + "TokenEndpoint": { "type": "string" } }, "required": [ - "Code", - "EntryPoint", - "Runtime" + "ClientId", + "ClientSecret" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.ContainerConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.LinkedinOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "ContainerUri": { - "markdownDescription": "The container Uri.", - "title": "ContainerUri", + "ClientId": { + "type": "string" + }, + "ClientSecret": { "type": "string" } }, "required": [ - "ContainerUri" + "ClientId", + "ClientSecret" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.CustomClaimValidationType": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.MicrosoftOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "AuthorizingClaimMatchValue": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AuthorizingClaimMatchValueType" + "ClientId": { + "type": "string" }, - "InboundTokenClaimName": { + "ClientSecret": { "type": "string" }, - "InboundTokenClaimValueType": { + "TenantId": { "type": "string" } }, "required": [ - "AuthorizingClaimMatchValue", - "InboundTokenClaimName", - "InboundTokenClaimValueType" + "ClientId", + "ClientSecret" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.CustomJWTAuthorizerConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2AuthorizationServerMetadata": { "additionalProperties": false, "properties": { - "AllowedAudience": { - "items": { - "type": "string" - }, - "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", - "title": "AllowedAudience", - "type": "array" + "AuthorizationEndpoint": { + "type": "string" }, - "AllowedClients": { - "items": { - "type": "string" - }, - "markdownDescription": "Represents individual client IDs that are validated in the incoming JWT token validation process.", - "title": "AllowedClients", - "type": "array" + "Issuer": { + "type": "string" }, - "AllowedScopes": { + "ResponseTypes": { "items": { "type": "string" }, "type": "array" }, - "CustomClaims": { - "items": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CustomClaimValidationType" - }, - "type": "array" - }, - "DiscoveryUrl": { - "markdownDescription": "The configuration authorization.", - "title": "DiscoveryUrl", + "TokenEndpoint": { "type": "string" } }, "required": [ - "DiscoveryUrl" + "AuthorizationEndpoint", + "Issuer", + "TokenEndpoint" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.LifecycleConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2Discovery": { "additionalProperties": false, "properties": { - "IdleRuntimeSessionTimeout": { - "markdownDescription": "", - "title": "IdleRuntimeSessionTimeout", - "type": "number" + "AuthorizationServerMetadata": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2AuthorizationServerMetadata" }, - "MaxLifetime": { - "markdownDescription": "", - "title": "MaxLifetime", - "type": "number" + "DiscoveryUrl": { + "type": "string" } }, "type": "object" }, - "AWS::BedrockAgentCore::Runtime.NetworkConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "NetworkMode": { - "markdownDescription": "The network mode.", - "title": "NetworkMode", - "type": "string" + "AtlassianOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.AtlassianOauth2ProviderConfigInput" }, - "NetworkModeConfig": { - "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.VpcConfig", - "markdownDescription": "", - "title": "NetworkModeConfig" + "CustomOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.CustomOauth2ProviderConfigInput" + }, + "GithubOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.GithubOauth2ProviderConfigInput" + }, + "GoogleOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.GoogleOauth2ProviderConfigInput" + }, + "IncludedOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.IncludedOauth2ProviderConfigInput" + }, + "LinkedinOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.LinkedinOauth2ProviderConfigInput" + }, + "MicrosoftOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.MicrosoftOauth2ProviderConfigInput" + }, + "SalesforceOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.SalesforceOauth2ProviderConfigInput" + }, + "SlackOauth2ProviderConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.SlackOauth2ProviderConfigInput" } }, - "required": [ - "NetworkMode" - ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.RequestHeaderConfiguration": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2ProviderConfigOutput": { "additionalProperties": false, "properties": { - "RequestHeaderAllowlist": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "RequestHeaderAllowlist", - "type": "array" + "ClientId": { + "type": "string" + }, + "OauthDiscovery": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider.Oauth2Discovery" } }, "type": "object" }, - "AWS::BedrockAgentCore::Runtime.S3Location": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.SalesforceOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "Bucket": { - "markdownDescription": "", - "title": "Bucket", - "type": "string" - }, - "Prefix": { - "markdownDescription": "", - "title": "Prefix", + "ClientId": { "type": "string" }, - "VersionId": { - "markdownDescription": "", - "title": "VersionId", + "ClientSecret": { "type": "string" } }, "required": [ - "Bucket", - "Prefix" + "ClientId", + "ClientSecret" ], "type": "object" }, - "AWS::BedrockAgentCore::Runtime.VpcConfig": { + "AWS::BedrockAgentCore::OAuth2CredentialProvider.SlackOauth2ProviderConfigInput": { "additionalProperties": false, "properties": { - "SecurityGroups": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "SecurityGroups", - "type": "array" + "ClientId": { + "type": "string" }, - "Subnets": { - "items": { - "type": "string" - }, - "markdownDescription": "", - "title": "Subnets", - "type": "array" - } - }, - "required": [ - "SecurityGroups", - "Subnets" - ], - "type": "object" - }, - "AWS::BedrockAgentCore::Runtime.WorkloadIdentityDetails": { - "additionalProperties": false, - "properties": { - "WorkloadIdentityArn": { - "markdownDescription": "The Amazon Resource Name (ARN) for the workload identity.", - "title": "WorkloadIdentityArn", + "ClientSecret": { "type": "string" } }, "required": [ - "WorkloadIdentityArn" + "ClientId", + "ClientSecret" ], "type": "object" }, - "AWS::BedrockAgentCore::RuntimeEndpoint": { + "AWS::BedrockAgentCore::OnlineEvaluationConfig": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DataSourceConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.DataSourceConfig" + }, + "Description": { + "type": "string" + }, + "EvaluationExecutionRoleArn": { + "type": "string" + }, + "Evaluators": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.EvaluatorReference" + }, + "type": "array" + }, + "ExecutionStatus": { + "type": "string" + }, + "OnlineEvaluationConfigName": { + "type": "string" + }, + "Rule": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.Rule" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "DataSourceConfig", + "EvaluationExecutionRoleArn", + "Evaluators", + "OnlineEvaluationConfigName", + "Rule" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::OnlineEvaluationConfig" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.CloudWatchLogsInputConfig": { + "additionalProperties": false, + "properties": { + "LogGroupNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ServiceNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "LogGroupNames", + "ServiceNames" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.CloudWatchOutputConfig": { + "additionalProperties": false, + "properties": { + "LogGroupName": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.DataSourceConfig": { + "additionalProperties": false, + "properties": { + "CloudWatchLogs": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.CloudWatchLogsInputConfig" + } + }, + "required": [ + "CloudWatchLogs" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.EvaluatorReference": { + "additionalProperties": false, + "properties": { + "EvaluatorId": { + "type": "string" + } + }, + "required": [ + "EvaluatorId" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.Filter": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Operator": { + "type": "string" + }, + "Value": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.FilterValue" + } + }, + "required": [ + "Key", + "Operator", + "Value" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.FilterValue": { + "additionalProperties": false, + "properties": { + "BooleanValue": { + "type": "boolean" + }, + "DoubleValue": { + "type": "number" + }, + "StringValue": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.OutputConfig": { + "additionalProperties": false, + "properties": { + "CloudWatchConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.CloudWatchOutputConfig" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.Rule": { + "additionalProperties": false, + "properties": { + "Filters": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.Filter" + }, + "type": "array" + }, + "SamplingConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.SamplingConfig" + }, + "SessionConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig.SessionConfig" + } + }, + "required": [ + "SamplingConfig" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.SamplingConfig": { + "additionalProperties": false, + "properties": { + "SamplingPercentage": { + "type": "number" + } + }, + "required": [ + "SamplingPercentage" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::OnlineEvaluationConfig.SessionConfig": { + "additionalProperties": false, + "properties": { + "SessionTimeoutMinutes": { + "type": "number" + } + }, + "required": [ + "SessionTimeoutMinutes" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Policy": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Definition": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Policy.PolicyDefinition" + }, + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "PolicyEngineId": { + "type": "string" + }, + "ValidationMode": { + "type": "string" + } + }, + "required": [ + "Definition", + "Name", + "PolicyEngineId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::Policy" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Policy.CedarPolicy": { + "additionalProperties": false, + "properties": { + "Statement": { + "type": "string" + } + }, + "required": [ + "Statement" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Policy.PolicyDefinition": { + "additionalProperties": false, + "properties": { + "Cedar": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Policy.CedarPolicy" + } + }, + "required": [ + "Cedar" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::PolicyEngine": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "EncryptionKeyArn": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::PolicyEngine" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AgentRuntimeArtifact": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AgentRuntimeArtifact", + "markdownDescription": "The artifact of the agent.", + "title": "AgentRuntimeArtifact" + }, + "AgentRuntimeName": { + "markdownDescription": "The name of the AgentCore Runtime endpoint.", + "title": "AgentRuntimeName", + "type": "string" + }, + "AuthorizerConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AuthorizerConfiguration", + "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", + "title": "AuthorizerConfiguration" + }, + "Description": { + "markdownDescription": "The agent runtime description.", + "title": "Description", + "type": "string" + }, + "EnvironmentVariables": { + "additionalProperties": true, + "markdownDescription": "The environment variables for the agent.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "title": "EnvironmentVariables", + "type": "object" + }, + "FilesystemConfigurations": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.FilesystemConfiguration" + }, + "type": "array" + }, + "LifecycleConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.LifecycleConfiguration", + "markdownDescription": "", + "title": "LifecycleConfiguration" + }, + "NetworkConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.NetworkConfiguration", + "markdownDescription": "The network configuration.", + "title": "NetworkConfiguration" + }, + "ProtocolConfiguration": { + "markdownDescription": "The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.", + "title": "ProtocolConfiguration", + "type": "string" + }, + "RequestHeaderConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.RequestHeaderConfiguration", + "markdownDescription": "", + "title": "RequestHeaderConfiguration" + }, + "RoleArn": { + "markdownDescription": "The Amazon Resource Name (ARN) for for the role.", + "title": "RoleArn", + "type": "string" + }, + "Tags": { + "additionalProperties": true, + "markdownDescription": "The tags for the agent.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "title": "Tags", + "type": "object" + } + }, + "required": [ + "AgentRuntimeArtifact", + "AgentRuntimeName", + "NetworkConfiguration", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockAgentCore::Runtime" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.AgentRuntimeArtifact": { + "additionalProperties": false, + "properties": { + "CodeConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CodeConfiguration", + "markdownDescription": "", + "title": "CodeConfiguration" + }, + "ContainerConfiguration": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.ContainerConfiguration", + "markdownDescription": "Representation of a container configuration.", + "title": "ContainerConfiguration" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.AuthorizerConfiguration": { + "additionalProperties": false, + "properties": { + "CustomJWTAuthorizer": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CustomJWTAuthorizerConfiguration", + "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", + "title": "CustomJWTAuthorizer" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.AuthorizingClaimMatchValueType": { + "additionalProperties": false, + "properties": { + "ClaimMatchOperator": { + "type": "string" + }, + "ClaimMatchValue": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.ClaimMatchValueType" + } + }, + "required": [ + "ClaimMatchOperator", + "ClaimMatchValue" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.ClaimMatchValueType": { + "additionalProperties": false, + "properties": { + "MatchValueString": { + "type": "string" + }, + "MatchValueStringList": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.Code": { + "additionalProperties": false, + "properties": { + "S3": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.S3Location", + "markdownDescription": "", + "title": "S3" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.CodeConfiguration": { + "additionalProperties": false, + "properties": { + "Code": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.Code", + "markdownDescription": "", + "title": "Code" + }, + "EntryPoint": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "EntryPoint", + "type": "array" + }, + "Runtime": { + "markdownDescription": "", + "title": "Runtime", + "type": "string" + } + }, + "required": [ + "Code", + "EntryPoint", + "Runtime" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.ContainerConfiguration": { + "additionalProperties": false, + "properties": { + "ContainerUri": { + "markdownDescription": "The container Uri.", + "title": "ContainerUri", + "type": "string" + } + }, + "required": [ + "ContainerUri" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.CustomClaimValidationType": { + "additionalProperties": false, + "properties": { + "AuthorizingClaimMatchValue": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.AuthorizingClaimMatchValueType" + }, + "InboundTokenClaimName": { + "type": "string" + }, + "InboundTokenClaimValueType": { + "type": "string" + } + }, + "required": [ + "AuthorizingClaimMatchValue", + "InboundTokenClaimName", + "InboundTokenClaimValueType" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.CustomJWTAuthorizerConfiguration": { + "additionalProperties": false, + "properties": { + "AllowedAudience": { + "items": { + "type": "string" + }, + "markdownDescription": "Represents inbound authorization configuration options used to authenticate incoming requests.", + "title": "AllowedAudience", + "type": "array" + }, + "AllowedClients": { + "items": { + "type": "string" + }, + "markdownDescription": "Represents individual client IDs that are validated in the incoming JWT token validation process.", + "title": "AllowedClients", + "type": "array" + }, + "AllowedScopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CustomClaims": { + "items": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.CustomClaimValidationType" + }, + "type": "array" + }, + "DiscoveryUrl": { + "markdownDescription": "The configuration authorization.", + "title": "DiscoveryUrl", + "type": "string" + } + }, + "required": [ + "DiscoveryUrl" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.FilesystemConfiguration": { + "additionalProperties": false, + "properties": { + "SessionStorage": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.SessionStorageConfiguration" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.LifecycleConfiguration": { + "additionalProperties": false, + "properties": { + "IdleRuntimeSessionTimeout": { + "markdownDescription": "", + "title": "IdleRuntimeSessionTimeout", + "type": "number" + }, + "MaxLifetime": { + "markdownDescription": "", + "title": "MaxLifetime", + "type": "number" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.NetworkConfiguration": { + "additionalProperties": false, + "properties": { + "NetworkMode": { + "markdownDescription": "The network mode.", + "title": "NetworkMode", + "type": "string" + }, + "NetworkModeConfig": { + "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime.VpcConfig", + "markdownDescription": "", + "title": "NetworkModeConfig" + } + }, + "required": [ + "NetworkMode" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.RequestHeaderConfiguration": { + "additionalProperties": false, + "properties": { + "RequestHeaderAllowlist": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "RequestHeaderAllowlist", + "type": "array" + } + }, + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.S3Location": { + "additionalProperties": false, + "properties": { + "Bucket": { + "markdownDescription": "", + "title": "Bucket", + "type": "string" + }, + "Prefix": { + "markdownDescription": "", + "title": "Prefix", + "type": "string" + }, + "VersionId": { + "markdownDescription": "", + "title": "VersionId", + "type": "string" + } + }, + "required": [ + "Bucket", + "Prefix" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.SessionStorageConfiguration": { + "additionalProperties": false, + "properties": { + "MountPath": { + "type": "string" + } + }, + "required": [ + "MountPath" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroups": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "SecurityGroups", + "type": "array" + }, + "Subnets": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "Subnets", + "type": "array" + } + }, + "required": [ + "SecurityGroups", + "Subnets" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::Runtime.WorkloadIdentityDetails": { + "additionalProperties": false, + "properties": { + "WorkloadIdentityArn": { + "markdownDescription": "The Amazon Resource Name (ARN) for the workload identity.", + "title": "WorkloadIdentityArn", + "type": "string" + } + }, + "required": [ + "WorkloadIdentityArn" + ], + "type": "object" + }, + "AWS::BedrockAgentCore::RuntimeEndpoint": { "additionalProperties": false, "properties": { "Condition": { @@ -46239,6 +48209,77 @@ ], "type": "object" }, + "AWS::BedrockMantle::Project": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::BedrockMantle::Project" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, "AWS::Billing::BillingView": { "additionalProperties": false, "properties": { @@ -47023,6 +49064,100 @@ }, "type": "object" }, + "AWS::Braket::SpendingLimit": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DeviceArn": { + "type": "string" + }, + "SpendingLimit": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TimePeriod": { + "$ref": "#/definitions/AWS::Braket::SpendingLimit.TimePeriod" + } + }, + "required": [ + "DeviceArn", + "SpendingLimit" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Braket::SpendingLimit" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Braket::SpendingLimit.TimePeriod": { + "additionalProperties": false, + "properties": { + "EndAt": { + "type": "string" + }, + "StartAt": { + "type": "string" + } + }, + "required": [ + "EndAt", + "StartAt" + ], + "type": "object" + }, "AWS::Budgets::Budget": { "additionalProperties": false, "properties": { @@ -48377,25 +50512,333 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "Description of a case rule.", + "markdownDescription": "Description of a case rule.", + "title": "Description", + "type": "string" + }, + "DomainId": { + "markdownDescription": "Unique identifier of a Cases domain.", + "title": "DomainId", + "type": "string" + }, + "Name": { + "markdownDescription": "Name of the case rule.", + "title": "Name", + "type": "string" + }, + "Rule": { + "$ref": "#/definitions/AWS::Cases::CaseRule.CaseRuleDetails", + "markdownDescription": "Represents what rule type should take place, under what conditions.", + "title": "Rule" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An array of key-value pairs to apply to this resource.", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "Name", + "Rule" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Cases::CaseRule" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Cases::CaseRule.BooleanCondition": { + "additionalProperties": false, + "properties": { + "EqualTo": { + "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanOperands", + "markdownDescription": "Tests that operandOne is equal to operandTwo.", + "title": "EqualTo" + }, + "NotEqualTo": { + "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanOperands", + "markdownDescription": "Tests that operandOne is not equal to operandTwo.", + "title": "NotEqualTo" + } + }, + "type": "object" + }, + "AWS::Cases::CaseRule.BooleanOperands": { + "additionalProperties": false, + "properties": { + "OperandOne": { + "$ref": "#/definitions/AWS::Cases::CaseRule.OperandOne", + "markdownDescription": "Represents the left hand operand in the condition.", + "title": "OperandOne" + }, + "OperandTwo": { + "$ref": "#/definitions/AWS::Cases::CaseRule.OperandTwo", + "markdownDescription": "Represents the right hand operand in the condition.", + "title": "OperandTwo" + }, + "Result": { + "markdownDescription": "The value of the outer rule if the condition evaluates to true.", + "title": "Result", + "type": "boolean" + } + }, + "required": [ + "OperandOne", + "OperandTwo", + "Result" + ], + "type": "object" + }, + "AWS::Cases::CaseRule.CaseRuleDetails": { + "additionalProperties": false, + "properties": { + "Hidden": { + "$ref": "#/definitions/AWS::Cases::CaseRule.HiddenCaseRule", + "markdownDescription": "Whether a field is visible, based on values in other fields.", + "title": "Hidden" + }, + "Required": { + "$ref": "#/definitions/AWS::Cases::CaseRule.RequiredCaseRule", + "markdownDescription": "Required rule type, used to indicate whether a field is required.", + "title": "Required" + } + }, + "type": "object" + }, + "AWS::Cases::CaseRule.HiddenCaseRule": { + "additionalProperties": false, + "properties": { + "Conditions": { + "items": { + "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanCondition" + }, + "markdownDescription": "A list of conditions that determine field visibility.", + "title": "Conditions", + "type": "array" + }, + "DefaultValue": { + "markdownDescription": "Whether the field is hidden when no conditions match.", + "title": "DefaultValue", + "type": "boolean" + } + }, + "required": [ + "Conditions", + "DefaultValue" + ], + "type": "object" + }, + "AWS::Cases::CaseRule.OperandOne": { + "additionalProperties": false, + "properties": { + "FieldId": { + "markdownDescription": "The field ID that this operand should take the value of.", + "title": "FieldId", + "type": "string" + } + }, + "required": [ + "FieldId" + ], + "type": "object" + }, + "AWS::Cases::CaseRule.OperandTwo": { + "additionalProperties": false, + "properties": { + "BooleanValue": { + "markdownDescription": "Boolean value type.", + "title": "BooleanValue", + "type": "boolean" + }, + "DoubleValue": { + "markdownDescription": "Double value type.", + "title": "DoubleValue", + "type": "number" + }, + "EmptyValue": { + "markdownDescription": "Represents an empty operand value. In the Amazon Connect admin website, case rules are known as *case field conditions* . For more information about case field conditions, see [Add case field conditions to a case template](https://docs.aws.amazon.com/connect/latest/adminguide/case-field-conditions.html) .", + "title": "EmptyValue", + "type": "object" + }, + "StringValue": { + "markdownDescription": "String value type.", + "title": "StringValue", + "type": "string" + } + }, + "type": "object" + }, + "AWS::Cases::CaseRule.RequiredCaseRule": { + "additionalProperties": false, + "properties": { + "Conditions": { + "items": { + "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanCondition" + }, + "markdownDescription": "List of conditions for the required rule; the first condition to evaluate to true dictates the value of the rule.", + "title": "Conditions", + "type": "array" + }, + "DefaultValue": { + "markdownDescription": "The value of the rule (that is, whether the field is required) should none of the conditions evaluate to true.", + "title": "DefaultValue", + "type": "boolean" + } + }, + "required": [ + "Conditions", + "DefaultValue" + ], + "type": "object" + }, + "AWS::Cases::Domain": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Name": { + "markdownDescription": "The name of the domain.", + "title": "Name", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An array of key-value pairs to apply to this resource.", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Cases::Domain" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Cases::Field": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Attributes": { + "$ref": "#/definitions/AWS::Cases::Field.FieldAttributes" + }, + "Description": { + "markdownDescription": "Description of the field.", "title": "Description", "type": "string" }, "DomainId": { - "markdownDescription": "Unique identifier of a Cases domain.", + "markdownDescription": "The unique identifier of the Cases domain.", "title": "DomainId", "type": "string" }, "Name": { - "markdownDescription": "Name of the case rule.", + "markdownDescription": "Name of the field.", "title": "Name", "type": "string" }, - "Rule": { - "$ref": "#/definitions/AWS::Cases::CaseRule.CaseRuleDetails", - "markdownDescription": "Represents what rule type should take place, under what conditions.", - "title": "Rule" - }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -48403,17 +50846,22 @@ "markdownDescription": "An array of key-value pairs to apply to this resource.", "title": "Tags", "type": "array" + }, + "Type": { + "markdownDescription": "Type of the field.", + "title": "Type", + "type": "string" } }, "required": [ "Name", - "Rule" + "Type" ], "type": "object" }, "Type": { "enum": [ - "AWS::Cases::CaseRule" + "AWS::Cases::Field" ], "type": "string" }, @@ -48432,313 +50880,24 @@ ], "type": "object" }, - "AWS::Cases::CaseRule.BooleanCondition": { - "additionalProperties": false, - "properties": { - "EqualTo": { - "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanOperands", - "markdownDescription": "Tests that operandOne is equal to operandTwo.", - "title": "EqualTo" - }, - "NotEqualTo": { - "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanOperands", - "markdownDescription": "Tests that operandOne is not equal to operandTwo.", - "title": "NotEqualTo" - } - }, - "type": "object" - }, - "AWS::Cases::CaseRule.BooleanOperands": { - "additionalProperties": false, - "properties": { - "OperandOne": { - "$ref": "#/definitions/AWS::Cases::CaseRule.OperandOne", - "markdownDescription": "Represents the left hand operand in the condition.", - "title": "OperandOne" - }, - "OperandTwo": { - "$ref": "#/definitions/AWS::Cases::CaseRule.OperandTwo", - "markdownDescription": "Represents the right hand operand in the condition.", - "title": "OperandTwo" - }, - "Result": { - "markdownDescription": "The value of the outer rule if the condition evaluates to true.", - "title": "Result", - "type": "boolean" - } - }, - "required": [ - "OperandOne", - "OperandTwo", - "Result" - ], - "type": "object" - }, - "AWS::Cases::CaseRule.CaseRuleDetails": { - "additionalProperties": false, - "properties": { - "Hidden": { - "$ref": "#/definitions/AWS::Cases::CaseRule.HiddenCaseRule", - "markdownDescription": "Whether a field is visible, based on values in other fields.", - "title": "Hidden" - }, - "Required": { - "$ref": "#/definitions/AWS::Cases::CaseRule.RequiredCaseRule", - "markdownDescription": "Required rule type, used to indicate whether a field is required.", - "title": "Required" - } - }, - "type": "object" - }, - "AWS::Cases::CaseRule.HiddenCaseRule": { + "AWS::Cases::Field.FieldAttributes": { "additionalProperties": false, "properties": { - "Conditions": { - "items": { - "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanCondition" - }, - "markdownDescription": "A list of conditions that determine field visibility.", - "title": "Conditions", - "type": "array" - }, - "DefaultValue": { - "markdownDescription": "Whether the field is hidden when no conditions match.", - "title": "DefaultValue", - "type": "boolean" - } - }, - "required": [ - "Conditions", - "DefaultValue" - ], - "type": "object" - }, - "AWS::Cases::CaseRule.OperandOne": { - "additionalProperties": false, - "properties": { - "FieldId": { - "markdownDescription": "The field ID that this operand should take the value of.", - "title": "FieldId", - "type": "string" - } - }, - "required": [ - "FieldId" - ], - "type": "object" - }, - "AWS::Cases::CaseRule.OperandTwo": { - "additionalProperties": false, - "properties": { - "BooleanValue": { - "markdownDescription": "Boolean value type.", - "title": "BooleanValue", - "type": "boolean" - }, - "DoubleValue": { - "markdownDescription": "Double value type.", - "title": "DoubleValue", - "type": "number" - }, - "EmptyValue": { - "markdownDescription": "Represents an empty operand value. In the Amazon Connect admin website, case rules are known as *case field conditions* . For more information about case field conditions, see [Add case field conditions to a case template](https://docs.aws.amazon.com/connect/latest/adminguide/case-field-conditions.html) .", - "title": "EmptyValue", - "type": "object" - }, - "StringValue": { - "markdownDescription": "String value type.", - "title": "StringValue", - "type": "string" + "Text": { + "$ref": "#/definitions/AWS::Cases::Field.TextAttributes" } }, "type": "object" }, - "AWS::Cases::CaseRule.RequiredCaseRule": { + "AWS::Cases::Field.TextAttributes": { "additionalProperties": false, "properties": { - "Conditions": { - "items": { - "$ref": "#/definitions/AWS::Cases::CaseRule.BooleanCondition" - }, - "markdownDescription": "List of conditions for the required rule; the first condition to evaluate to true dictates the value of the rule.", - "title": "Conditions", - "type": "array" - }, - "DefaultValue": { - "markdownDescription": "The value of the rule (that is, whether the field is required) should none of the conditions evaluate to true.", - "title": "DefaultValue", + "IsMultiline": { "type": "boolean" } }, "required": [ - "Conditions", - "DefaultValue" - ], - "type": "object" - }, - "AWS::Cases::Domain": { - "additionalProperties": false, - "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "Name": { - "markdownDescription": "The name of the domain.", - "title": "Name", - "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "An array of key-value pairs to apply to this resource.", - "title": "Tags", - "type": "array" - } - }, - "required": [ - "Name" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::Cases::Domain" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type", - "Properties" - ], - "type": "object" - }, - "AWS::Cases::Field": { - "additionalProperties": false, - "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "Description": { - "markdownDescription": "Description of the field.", - "title": "Description", - "type": "string" - }, - "DomainId": { - "markdownDescription": "The unique identifier of the Cases domain.", - "title": "DomainId", - "type": "string" - }, - "Name": { - "markdownDescription": "Name of the field.", - "title": "Name", - "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "An array of key-value pairs to apply to this resource.", - "title": "Tags", - "type": "array" - }, - "Type": { - "markdownDescription": "Type of the field.", - "title": "Type", - "type": "string" - } - }, - "required": [ - "Name", - "Type" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::Cases::Field" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type", - "Properties" + "IsMultiline" ], "type": "object" }, @@ -51416,6 +53575,9 @@ "AWS::CleanRooms::ConfiguredTable.AthenaTableReference": { "additionalProperties": false, "properties": { + "CatalogName": { + "type": "string" + }, "DatabaseName": { "markdownDescription": "The database name.", "title": "DatabaseName", @@ -52543,46 +54705,330 @@ "Properties": { "additionalProperties": false, "properties": { - "AutoRefresh": { - "markdownDescription": "How often the privacy budget refreshes.\n\n> If you plan to regularly bring new data into the collaboration, use `CALENDAR_MONTH` to automatically get a new privacy budget for the collaboration every calendar month. Choosing this option allows arbitrary amounts of information to be revealed about rows of the data when repeatedly queried across refreshes. Avoid choosing this if the same rows will be repeatedly queried between privacy budget refreshes.", - "title": "AutoRefresh", + "AutoRefresh": { + "markdownDescription": "How often the privacy budget refreshes.\n\n> If you plan to regularly bring new data into the collaboration, use `CALENDAR_MONTH` to automatically get a new privacy budget for the collaboration every calendar month. Choosing this option allows arbitrary amounts of information to be revealed about rows of the data when repeatedly queried across refreshes. Avoid choosing this if the same rows will be repeatedly queried between privacy budget refreshes.", + "title": "AutoRefresh", + "type": "string" + }, + "MembershipIdentifier": { + "markdownDescription": "The identifier for a membership resource.", + "title": "MembershipIdentifier", + "type": "string" + }, + "Parameters": { + "$ref": "#/definitions/AWS::CleanRooms::PrivacyBudgetTemplate.Parameters", + "markdownDescription": "Specifies the epsilon and noise parameters for the privacy budget template.", + "title": "Parameters" + }, + "PrivacyBudgetType": { + "markdownDescription": "Specifies the type of the privacy budget template.", + "title": "PrivacyBudgetType", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An optional label that you can assign to a resource when you create it. Each tag consists of a key and an optional value, both of which you define. When you use tagging, you can also use tag-based access control in IAM policies to control access to this resource.", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "AutoRefresh", + "MembershipIdentifier", + "Parameters", + "PrivacyBudgetType" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CleanRooms::PrivacyBudgetTemplate" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CleanRooms::PrivacyBudgetTemplate.BudgetParameter": { + "additionalProperties": false, + "properties": { + "AutoRefresh": { + "markdownDescription": "Whether this individual budget parameter automatically refreshes when the budget period resets.", + "title": "AutoRefresh", + "type": "string" + }, + "Budget": { + "markdownDescription": "The budget allocation amount for this specific parameter.", + "title": "Budget", + "type": "number" + }, + "Type": { + "markdownDescription": "The type of budget parameter being configured.", + "title": "Type", + "type": "string" + } + }, + "required": [ + "Budget", + "Type" + ], + "type": "object" + }, + "AWS::CleanRooms::PrivacyBudgetTemplate.Parameters": { + "additionalProperties": false, + "properties": { + "BudgetParameters": { + "items": { + "$ref": "#/definitions/AWS::CleanRooms::PrivacyBudgetTemplate.BudgetParameter" + }, + "markdownDescription": "", + "title": "BudgetParameters", + "type": "array" + }, + "Epsilon": { + "markdownDescription": "The epsilon value that you want to use.", + "title": "Epsilon", + "type": "number" + }, + "ResourceArn": { + "markdownDescription": "", + "title": "ResourceArn", + "type": "string" + }, + "UsersNoisePerQuery": { + "markdownDescription": "Noise added per query is measured in terms of the number of users whose contributions you want to obscure. This value governs the rate at which the privacy budget is depleted.", + "title": "UsersNoisePerQuery", + "type": "number" + } + }, + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithm": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "InferenceContainerConfig": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithm.InferenceContainerConfig" + }, + "KmsKeyArn": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "RoleArn": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TrainingContainerConfig": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithm.ContainerConfig" + } + }, + "required": [ + "Name", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CleanRoomsML::ConfiguredModelAlgorithm" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithm.ContainerConfig": { + "additionalProperties": false, + "properties": { + "Arguments": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Entrypoint": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ImageUri": { + "type": "string" + }, + "MetricDefinitions": { + "items": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithm.MetricDefinition" + }, + "type": "array" + } + }, + "required": [ + "ImageUri" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithm.InferenceContainerConfig": { + "additionalProperties": false, + "properties": { + "ImageUri": { + "type": "string" + } + }, + "required": [ + "ImageUri" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithm.MetricDefinition": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Regex": { + "type": "string" + } + }, + "required": [ + "Name", + "Regex" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ConfiguredModelAlgorithmArn": { "type": "string" }, - "MembershipIdentifier": { - "markdownDescription": "The identifier for a membership resource.", - "title": "MembershipIdentifier", + "Description": { "type": "string" }, - "Parameters": { - "$ref": "#/definitions/AWS::CleanRooms::PrivacyBudgetTemplate.Parameters", - "markdownDescription": "Specifies the epsilon and noise parameters for the privacy budget template.", - "title": "Parameters" + "MembershipIdentifier": { + "type": "string" }, - "PrivacyBudgetType": { - "markdownDescription": "Specifies the type of the privacy budget template.", - "title": "PrivacyBudgetType", + "Name": { "type": "string" }, + "PrivacyConfiguration": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.PrivacyConfiguration" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An optional label that you can assign to a resource when you create it. Each tag consists of a key and an optional value, both of which you define. When you use tagging, you can also use tag-based access control in IAM policies to control access to this resource.", - "title": "Tags", "type": "array" } }, "required": [ - "AutoRefresh", + "ConfiguredModelAlgorithmArn", "MembershipIdentifier", - "Parameters", - "PrivacyBudgetType" + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::CleanRooms::PrivacyBudgetTemplate" + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation" ], "type": "string" }, @@ -52601,58 +55047,200 @@ ], "type": "object" }, - "AWS::CleanRooms::PrivacyBudgetTemplate.BudgetParameter": { + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.CustomEntityConfig": { "additionalProperties": false, "properties": { - "AutoRefresh": { - "markdownDescription": "Whether this individual budget parameter automatically refreshes when the budget period resets.", - "title": "AutoRefresh", + "CustomDataIdentifiers": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "CustomDataIdentifiers" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.LogRedactionConfiguration": { + "additionalProperties": false, + "properties": { + "CustomEntityConfig": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.CustomEntityConfig" + }, + "EntitiesToRedact": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "EntitiesToRedact" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.LogsConfigurationPolicy": { + "additionalProperties": false, + "properties": { + "AllowedAccountIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "FilterPattern": { "type": "string" }, - "Budget": { - "markdownDescription": "The budget allocation amount for this specific parameter.", - "title": "Budget", - "type": "number" + "LogRedactionConfiguration": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.LogRedactionConfiguration" }, - "Type": { - "markdownDescription": "The type of budget parameter being configured.", - "title": "Type", + "LogType": { "type": "string" } }, "required": [ - "Budget", - "Type" + "AllowedAccountIds" ], "type": "object" }, - "AWS::CleanRooms::PrivacyBudgetTemplate.Parameters": { + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.MetricsConfigurationPolicy": { "additionalProperties": false, "properties": { - "BudgetParameters": { + "NoiseLevel": { + "type": "string" + } + }, + "required": [ + "NoiseLevel" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.PrivacyConfiguration": { + "additionalProperties": false, + "properties": { + "Policies": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.PrivacyConfigurationPolicies" + } + }, + "required": [ + "Policies" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.PrivacyConfigurationPolicies": { + "additionalProperties": false, + "properties": { + "TrainedModelExports": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelExportsConfigurationPolicy" + }, + "TrainedModelInferenceJobs": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelInferenceJobsConfigurationPolicy" + }, + "TrainedModels": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelsConfigurationPolicy" + } + }, + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelArtifactMaxSize": { + "additionalProperties": false, + "properties": { + "Unit": { + "type": "string" + }, + "Value": { + "type": "number" + } + }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelExportsConfigurationPolicy": { + "additionalProperties": false, + "properties": { + "FilesToExport": { "items": { - "$ref": "#/definitions/AWS::CleanRooms::PrivacyBudgetTemplate.BudgetParameter" + "type": "string" }, - "markdownDescription": "", - "title": "BudgetParameters", "type": "array" }, - "Epsilon": { - "markdownDescription": "The epsilon value that you want to use.", - "title": "Epsilon", + "MaxSize": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelExportsMaxSize" + } + }, + "required": [ + "FilesToExport", + "MaxSize" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelExportsMaxSize": { + "additionalProperties": false, + "properties": { + "Unit": { + "type": "string" + }, + "Value": { "type": "number" + } + }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelInferenceJobsConfigurationPolicy": { + "additionalProperties": false, + "properties": { + "ContainerLogs": { + "items": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.LogsConfigurationPolicy" + }, + "type": "array" }, - "ResourceArn": { - "markdownDescription": "", - "title": "ResourceArn", + "MaxOutputSize": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelInferenceMaxOutputSize" + } + }, + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelInferenceMaxOutputSize": { + "additionalProperties": false, + "properties": { + "Unit": { "type": "string" }, - "UsersNoisePerQuery": { - "markdownDescription": "Noise added per query is measured in terms of the number of users whose contributions you want to obscure. This value governs the rate at which the privacy budget is depleted.", - "title": "UsersNoisePerQuery", + "Value": { "type": "number" } }, + "required": [ + "Unit", + "Value" + ], + "type": "object" + }, + "AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelsConfigurationPolicy": { + "additionalProperties": false, + "properties": { + "ContainerLogs": { + "items": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.LogsConfigurationPolicy" + }, + "type": "array" + }, + "ContainerMetrics": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.MetricsConfigurationPolicy" + }, + "MaxArtifactSize": { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation.TrainedModelArtifactMaxSize" + } + }, "type": "object" }, "AWS::CleanRoomsML::TrainingDataset": { @@ -60395,6 +62983,12 @@ "title": "EvaluateLowSampleCountPercentile", "type": "string" }, + "EvaluationCriteria": { + "$ref": "#/definitions/AWS::CloudWatch::Alarm.EvaluationCriteria" + }, + "EvaluationInterval": { + "type": "number" + }, "EvaluationPeriods": { "markdownDescription": "The number of periods over which data is compared to the specified threshold. If you are setting an alarm that requires that a number of consecutive data points be breaching to trigger the alarm, this value specifies that number. If you are setting an \"M out of N\" alarm, this value is the N, and `DatapointsToAlarm` is the M.\n\nFor more information, see [Evaluating an Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarm-evaluation) in the *Amazon CloudWatch User Guide* .", "title": "EvaluationPeriods", @@ -60478,10 +63072,6 @@ "type": "string" } }, - "required": [ - "ComparisonOperator", - "EvaluationPeriods" - ], "type": "object" }, "Type": { @@ -60500,11 +63090,25 @@ } }, "required": [ - "Type", - "Properties" + "Type" ], "type": "object" }, + "AWS::CloudWatch::Alarm.AlarmPromQLCriteria": { + "additionalProperties": false, + "properties": { + "PendingPeriod": { + "type": "number" + }, + "Query": { + "type": "string" + }, + "RecoveryPeriod": { + "type": "number" + } + }, + "type": "object" + }, "AWS::CloudWatch::Alarm.Dimension": { "additionalProperties": false, "properties": { @@ -60525,6 +63129,15 @@ ], "type": "object" }, + "AWS::CloudWatch::Alarm.EvaluationCriteria": { + "additionalProperties": false, + "properties": { + "PromQLCriteria": { + "$ref": "#/definitions/AWS::CloudWatch::Alarm.AlarmPromQLCriteria" + } + }, + "type": "object" + }, "AWS::CloudWatch::Alarm.Metric": { "additionalProperties": false, "properties": { @@ -69722,6 +72335,255 @@ ], "type": "object" }, + "AWS::ComputeOptimizer::AutomationRule": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Criteria": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.Criteria" + }, + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "OrganizationConfiguration": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.OrganizationConfiguration" + }, + "Priority": { + "type": "string" + }, + "RecommendedActionTypes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "RuleType": { + "type": "string" + }, + "Schedule": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.Schedule" + }, + "Status": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Name", + "RecommendedActionTypes", + "RuleType", + "Schedule", + "Status" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::ComputeOptimizer::AutomationRule" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.Criteria": { + "additionalProperties": false, + "properties": { + "EbsVolumeSizeInGib": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.IntegerCriteriaCondition" + }, + "type": "array" + }, + "EbsVolumeType": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.StringCriteriaCondition" + }, + "type": "array" + }, + "EstimatedMonthlySavings": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.DoubleCriteriaCondition" + }, + "type": "array" + }, + "LookBackPeriodInDays": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.IntegerCriteriaCondition" + }, + "type": "array" + }, + "Region": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.StringCriteriaCondition" + }, + "type": "array" + }, + "ResourceArn": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.StringCriteriaCondition" + }, + "type": "array" + }, + "ResourceTag": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.ResourceTagsCriteriaCondition" + }, + "type": "array" + }, + "RestartNeeded": { + "items": { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule.StringCriteriaCondition" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.DoubleCriteriaCondition": { + "additionalProperties": false, + "properties": { + "Comparison": { + "type": "string" + }, + "Values": { + "items": { + "type": "number" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.IntegerCriteriaCondition": { + "additionalProperties": false, + "properties": { + "Comparison": { + "type": "string" + }, + "Values": { + "items": { + "type": "number" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.OrganizationConfiguration": { + "additionalProperties": false, + "properties": { + "AccountIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "RuleApplyOrder": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.ResourceTagsCriteriaCondition": { + "additionalProperties": false, + "properties": { + "Comparison": { + "type": "string" + }, + "Key": { + "type": "string" + }, + "Values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.Schedule": { + "additionalProperties": false, + "properties": { + "ExecutionWindowInMinutes": { + "type": "number" + }, + "ScheduleExpression": { + "type": "string" + }, + "ScheduleExpressionTimezone": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ComputeOptimizer::AutomationRule.StringCriteriaCondition": { + "additionalProperties": false, + "properties": { + "Comparison": { + "type": "string" + }, + "Values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::Config::AggregationAuthorization": { "additionalProperties": false, "properties": { @@ -71314,32 +74176,320 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "The description of the agent status.", + "markdownDescription": "The description of the agent status.", + "title": "Description", + "type": "string" + }, + "DisplayOrder": { + "markdownDescription": "The display order of the agent status.", + "title": "DisplayOrder", + "type": "number" + }, + "InstanceArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the instance.", + "title": "InstanceArn", + "type": "string" + }, + "Name": { + "markdownDescription": "The name of the agent status.", + "title": "Name", + "type": "string" + }, + "ResetOrderNumber": { + "markdownDescription": "A number indicating the reset order of the agent status.", + "title": "ResetOrderNumber", + "type": "boolean" + }, + "State": { + "markdownDescription": "The state of the agent status.", + "title": "State", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.", + "title": "Tags", + "type": "array" + }, + "Type": { + "markdownDescription": "The type of agent status.", + "title": "Type", + "type": "string" + } + }, + "required": [ + "InstanceArn", + "Name", + "State" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Connect::AgentStatus" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Connect::ApprovedOrigin": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "InstanceId": { + "markdownDescription": "The Amazon Resource Name (ARN) of the instance.\n\n*Minimum* : `1`\n\n*Maximum* : `100`", + "title": "InstanceId", + "type": "string" + }, + "Origin": { + "markdownDescription": "Domain name to be added to the allow-list of the instance.\n\n*Maximum* : `267`", + "title": "Origin", + "type": "string" + } + }, + "required": [ + "InstanceId", + "Origin" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Connect::ApprovedOrigin" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Connect::ContactFlow": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Content": { + "markdownDescription": "The content of the flow.\n\nFor more information, see [Amazon Connect Flow language](https://docs.aws.amazon.com/connect/latest/adminguide/flow-language.html) in the *Amazon Connect Administrator Guide* .", + "title": "Content", + "type": "string" + }, + "Description": { + "markdownDescription": "The description of the flow.", + "title": "Description", + "type": "string" + }, + "InstanceArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the Amazon Connect instance.", + "title": "InstanceArn", + "type": "string" + }, + "Name": { + "markdownDescription": "The name of the flow.", + "title": "Name", + "type": "string" + }, + "State": { + "markdownDescription": "The state of the flow.", + "title": "State", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "title": "Tags", + "type": "array" + }, + "Type": { + "markdownDescription": "The type of the flow. For descriptions of the available types, see [Choose a flow type](https://docs.aws.amazon.com/connect/latest/adminguide/create-contact-flow.html#contact-flow-types) in the *Amazon Connect Administrator Guide* .", + "title": "Type", + "type": "string" + } + }, + "required": [ + "Content", + "InstanceArn", + "Name", + "Type" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Connect::ContactFlow" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Connect::ContactFlowModule": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Content": { + "markdownDescription": "The content of the flow module.", + "title": "Content", + "type": "string" + }, + "Description": { + "markdownDescription": "The description of the flow module.", "title": "Description", "type": "string" }, - "DisplayOrder": { - "markdownDescription": "The display order of the agent status.", - "title": "DisplayOrder", - "type": "number" + "ExternalInvocationConfiguration": { + "$ref": "#/definitions/AWS::Connect::ContactFlowModule.ExternalInvocationConfiguration", + "markdownDescription": "The external invocation configuration for the flow module", + "title": "ExternalInvocationConfiguration" }, "InstanceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the instance.", + "markdownDescription": "The Amazon Resource Name (ARN) of the Amazon Connect instance.", "title": "InstanceArn", "type": "string" }, "Name": { - "markdownDescription": "The name of the agent status.", + "markdownDescription": "The name of the flow module.", "title": "Name", "type": "string" }, - "ResetOrderNumber": { - "markdownDescription": "A number indicating the reset order of the agent status.", - "title": "ResetOrderNumber", - "type": "boolean" + "Settings": { + "markdownDescription": "The configuration settings for the flow module.", + "title": "Settings", + "type": "string" }, "State": { - "markdownDescription": "The state of the agent status.", + "markdownDescription": "The state of the flow module.", "title": "State", "type": "string" }, @@ -71347,26 +74497,21 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.", + "markdownDescription": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", "title": "Tags", "type": "array" - }, - "Type": { - "markdownDescription": "The type of agent status.", - "title": "Type", - "type": "string" } }, "required": [ + "Content", "InstanceArn", - "Name", - "State" + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::Connect::AgentStatus" + "AWS::Connect::ContactFlowModule" ], "type": "string" }, @@ -71385,80 +74530,21 @@ ], "type": "object" }, - "AWS::Connect::ApprovedOrigin": { + "AWS::Connect::ContactFlowModule.ExternalInvocationConfiguration": { "additionalProperties": false, "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "InstanceId": { - "markdownDescription": "The Amazon Resource Name (ARN) of the instance.\n\n*Minimum* : `1`\n\n*Maximum* : `100`", - "title": "InstanceId", - "type": "string" - }, - "Origin": { - "markdownDescription": "Domain name to be added to the allow-list of the instance.\n\n*Maximum* : `267`", - "title": "Origin", - "type": "string" - } - }, - "required": [ - "InstanceId", - "Origin" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::Connect::ApprovedOrigin" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" + "Enabled": { + "markdownDescription": "Enable external invocation.", + "title": "Enabled", + "type": "boolean" } }, "required": [ - "Type", - "Properties" + "Enabled" ], "type": "object" }, - "AWS::Connect::ContactFlow": { + "AWS::Connect::ContactFlowModuleAlias": { "additionalProperties": false, "properties": { "Condition": { @@ -71493,56 +74579,29 @@ "Properties": { "additionalProperties": false, "properties": { - "Content": { - "markdownDescription": "The content of the flow.\n\nFor more information, see [Amazon Connect Flow language](https://docs.aws.amazon.com/connect/latest/adminguide/flow-language.html) in the *Amazon Connect Administrator Guide* .", - "title": "Content", + "ContactFlowModuleId": { "type": "string" }, - "Description": { - "markdownDescription": "The description of the flow.", - "title": "Description", - "type": "string" + "ContactFlowModuleVersion": { + "type": "number" }, - "InstanceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the Amazon Connect instance.", - "title": "InstanceArn", + "Description": { "type": "string" }, "Name": { - "markdownDescription": "The name of the flow.", - "title": "Name", - "type": "string" - }, - "State": { - "markdownDescription": "The state of the flow.", - "title": "State", - "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", - "title": "Tags", - "type": "array" - }, - "Type": { - "markdownDescription": "The type of the flow. For descriptions of the available types, see [Choose a flow type](https://docs.aws.amazon.com/connect/latest/adminguide/create-contact-flow.html#contact-flow-types) in the *Amazon Connect Administrator Guide* .", - "title": "Type", "type": "string" } }, "required": [ - "Content", - "InstanceArn", - "Name", - "Type" + "ContactFlowModuleId", + "ContactFlowModuleVersion", + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::Connect::ContactFlow" + "AWS::Connect::ContactFlowModuleAlias" ], "type": "string" }, @@ -71561,7 +74620,7 @@ ], "type": "object" }, - "AWS::Connect::ContactFlowModule": { + "AWS::Connect::ContactFlowModuleVersion": { "additionalProperties": false, "properties": { "Condition": { @@ -71596,60 +74655,21 @@ "Properties": { "additionalProperties": false, "properties": { - "Content": { - "markdownDescription": "The content of the flow module.", - "title": "Content", + "ContactFlowModuleId": { "type": "string" }, "Description": { - "markdownDescription": "The description of the flow module.", - "title": "Description", "type": "string" - }, - "ExternalInvocationConfiguration": { - "$ref": "#/definitions/AWS::Connect::ContactFlowModule.ExternalInvocationConfiguration", - "markdownDescription": "The external invocation configuration for the flow module", - "title": "ExternalInvocationConfiguration" - }, - "InstanceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the Amazon Connect instance.", - "title": "InstanceArn", - "type": "string" - }, - "Name": { - "markdownDescription": "The name of the flow module.", - "title": "Name", - "type": "string" - }, - "Settings": { - "markdownDescription": "The configuration settings for the flow module.", - "title": "Settings", - "type": "string" - }, - "State": { - "markdownDescription": "The state of the flow module.", - "title": "State", - "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", - "title": "Tags", - "type": "array" } }, "required": [ - "Content", - "InstanceArn", - "Name" + "ContactFlowModuleId" ], "type": "object" }, "Type": { "enum": [ - "AWS::Connect::ContactFlowModule" + "AWS::Connect::ContactFlowModuleVersion" ], "type": "string" }, @@ -71668,20 +74688,6 @@ ], "type": "object" }, - "AWS::Connect::ContactFlowModule.ExternalInvocationConfiguration": { - "additionalProperties": false, - "properties": { - "Enabled": { - "markdownDescription": "Enable external invocation.", - "title": "Enabled", - "type": "boolean" - } - }, - "required": [ - "Enabled" - ], - "type": "object" - }, "AWS::Connect::ContactFlowVersion": { "additionalProperties": false, "properties": { @@ -74415,6 +77421,12 @@ "Properties": { "additionalProperties": false, "properties": { + "AdditionalEmailAddresses": { + "items": { + "$ref": "#/definitions/AWS::Connect::Queue.EmailAddress" + }, + "type": "array" + }, "Description": { "markdownDescription": "The description of the queue.", "title": "Description", @@ -74500,6 +77512,18 @@ ], "type": "object" }, + "AWS::Connect::Queue.EmailAddress": { + "additionalProperties": false, + "properties": { + "EmailAddressArn": { + "type": "string" + } + }, + "required": [ + "EmailAddressArn" + ], + "type": "object" + }, "AWS::Connect::Queue.OutboundCallerConfig": { "additionalProperties": false, "properties": { @@ -75476,6 +78500,12 @@ "title": "AllowedAccessControlTags", "type": "array" }, + "AllowedFlowModules": { + "items": { + "$ref": "#/definitions/AWS::Connect::SecurityProfile.FlowModule" + }, + "type": "array" + }, "Applications": { "items": { "$ref": "#/definitions/AWS::Connect::SecurityProfile.Application" @@ -75579,6 +78609,9 @@ "markdownDescription": "Namespace of the application that you want to give access to.", "title": "Namespace", "type": "string" + }, + "Type": { + "type": "string" } }, "required": [ @@ -75598,6 +78631,22 @@ }, "type": "object" }, + "AWS::Connect::SecurityProfile.FlowModule": { + "additionalProperties": false, + "properties": { + "FlowModuleId": { + "type": "string" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "FlowModuleId", + "Type" + ], + "type": "object" + }, "AWS::Connect::SecurityProfile.GranularAccessControlConfiguration": { "additionalProperties": false, "properties": { @@ -77472,6 +80521,9 @@ "title": "ConnectInstanceId", "type": "string" }, + "EntryLimitsConfig": { + "$ref": "#/definitions/AWS::ConnectCampaignsV2::Campaign.EntryLimitsConfig" + }, "Name": { "markdownDescription": "The name of the outbound campaign.", "title": "Name", @@ -77743,6 +80795,22 @@ }, "type": "object" }, + "AWS::ConnectCampaignsV2::Campaign.EntryLimitsConfig": { + "additionalProperties": false, + "properties": { + "MaxEntryCount": { + "type": "number" + }, + "MinEntryInterval": { + "type": "string" + } + }, + "required": [ + "MaxEntryCount", + "MinEntryInterval" + ], + "type": "object" + }, "AWS::ConnectCampaignsV2::Campaign.EventTrigger": { "additionalProperties": false, "properties": { @@ -79564,6 +82632,9 @@ "title": "ObjectTypeNames", "type": "array" }, + "Scope": { + "type": "string" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -80084,6 +83155,9 @@ "title": "SourceLastUpdatedTimestampFormat", "type": "string" }, + "SourcePriority": { + "type": "number" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -80204,6 +83278,187 @@ }, "type": "object" }, + "AWS::CustomerProfiles::Recommender": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "DomainName": { + "type": "string" + }, + "RecommenderConfig": { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender.RecommenderConfig" + }, + "RecommenderName": { + "type": "string" + }, + "RecommenderRecipeName": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "DomainName", + "RecommenderName", + "RecommenderRecipeName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CustomerProfiles::Recommender" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.EventParameters": { + "additionalProperties": false, + "properties": { + "EventType": { + "type": "string" + }, + "EventValueThreshold": { + "type": "number" + } + }, + "required": [ + "EventType" + ], + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.EventsConfig": { + "additionalProperties": false, + "properties": { + "EventParametersList": { + "items": { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender.EventParameters" + }, + "type": "array" + } + }, + "required": [ + "EventParametersList" + ], + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.Metrics": { + "additionalProperties": false, + "properties": { + "coverage": { + "type": "number" + }, + "freshness": { + "type": "number" + }, + "hit": { + "type": "number" + }, + "popularity": { + "type": "number" + }, + "recall": { + "type": "number" + }, + "similarity": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.RecommenderConfig": { + "additionalProperties": false, + "properties": { + "EventsConfig": { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender.EventsConfig" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.RecommenderUpdate": { + "additionalProperties": false, + "properties": { + "CreationDateTime": { + "type": "string" + }, + "FailureReason": { + "type": "string" + }, + "LastUpdatedDateTime": { + "type": "string" + }, + "RecommenderConfig": { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender.RecommenderConfig" + }, + "Status": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::Recommender.TrainingMetrics": { + "additionalProperties": false, + "properties": { + "Metrics": { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender.Metrics" + }, + "Time": { + "type": "string" + } + }, + "type": "object" + }, "AWS::CustomerProfiles::SegmentDefinition": { "additionalProperties": false, "properties": { @@ -80264,6 +83519,9 @@ "markdownDescription": "Contains all groups of the segment definition.", "title": "SegmentGroups" }, + "SegmentSort": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.SegmentSort" + }, "SegmentSqlQuery": { "markdownDescription": "", "title": "SegmentSqlQuery", @@ -80427,295 +83685,332 @@ ], "type": "object" }, - "AWS::CustomerProfiles::SegmentDefinition.Dimension": { + "AWS::CustomerProfiles::SegmentDefinition.Dimension": { + "additionalProperties": false, + "properties": { + "CalculatedAttributes": { + "additionalProperties": false, + "markdownDescription": "Object that holds the calculated attributes to segment on.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.CalculatedAttributeDimension" + } + }, + "title": "CalculatedAttributes", + "type": "object" + }, + "ProfileAttributes": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileAttributes", + "markdownDescription": "Object that holds the profile attributes to segment on.", + "title": "ProfileAttributes" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.ExtraLengthValueProfileDimension": { + "additionalProperties": false, + "properties": { + "DimensionType": { + "markdownDescription": "The action to segment with.", + "title": "DimensionType", + "type": "string" + }, + "Values": { + "items": { + "type": "string" + }, + "markdownDescription": "The values to apply the DimensionType on.", + "title": "Values", + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.Group": { + "additionalProperties": false, + "properties": { + "Dimensions": { + "items": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.Dimension" + }, + "markdownDescription": "Defines the attributes to segment on.", + "title": "Dimensions", + "type": "array" + }, + "SourceSegments": { + "items": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.SourceSegment" + }, + "markdownDescription": "Defines the starting source of data.", + "title": "SourceSegments", + "type": "array" + }, + "SourceType": { + "markdownDescription": "Defines how to interact with the source data.", + "title": "SourceType", + "type": "string" + }, + "Type": { + "markdownDescription": "Defines how to interact with the profiles found in the current filtering.", + "title": "Type", + "type": "string" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.ProfileAttributes": { + "additionalProperties": false, + "properties": { + "AccountNumber": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within account number.", + "title": "AccountNumber" + }, + "AdditionalInformation": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ExtraLengthValueProfileDimension", + "markdownDescription": "A field to describe values to segment on within additional information.", + "title": "AdditionalInformation" + }, + "Address": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", + "markdownDescription": "A field to describe values to segment on within address.", + "title": "Address" + }, + "Attributes": { + "additionalProperties": false, + "markdownDescription": "A field to describe values to segment on within attributes.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AttributeDimension" + } + }, + "title": "Attributes", + "type": "object" + }, + "BillingAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", + "markdownDescription": "A field to describe values to segment on within billing address.", + "title": "BillingAddress" + }, + "BirthDate": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.DateDimension", + "markdownDescription": "A field to describe values to segment on within birthDate.", + "title": "BirthDate" + }, + "BusinessEmailAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within business email address.", + "title": "BusinessEmailAddress" + }, + "BusinessName": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within business name.", + "title": "BusinessName" + }, + "BusinessPhoneNumber": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within business phone number.", + "title": "BusinessPhoneNumber" + }, + "EmailAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within email address.", + "title": "EmailAddress" + }, + "FirstName": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within first name.", + "title": "FirstName" + }, + "GenderString": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within genderString.", + "title": "GenderString" + }, + "HomePhoneNumber": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within home phone number.", + "title": "HomePhoneNumber" + }, + "LastName": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within last name.", + "title": "LastName" + }, + "MailingAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", + "markdownDescription": "A field to describe values to segment on within mailing address.", + "title": "MailingAddress" + }, + "MiddleName": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within middle name.", + "title": "MiddleName" + }, + "MobilePhoneNumber": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within mobile phone number.", + "title": "MobilePhoneNumber" + }, + "PartyTypeString": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within partyTypeString.", + "title": "PartyTypeString" + }, + "PersonalEmailAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within personal email address.", + "title": "PersonalEmailAddress" + }, + "PhoneNumber": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", + "markdownDescription": "A field to describe values to segment on within phone number.", + "title": "PhoneNumber" + }, + "ProfileType": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileTypeDimension", + "markdownDescription": "The type of profile.", + "title": "ProfileType" + }, + "ShippingAddress": { + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", + "markdownDescription": "A field to describe values to segment on within shipping address.", + "title": "ShippingAddress" + } + }, + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.ProfileDimension": { + "additionalProperties": false, + "properties": { + "DimensionType": { + "markdownDescription": "The action to segment on.", + "title": "DimensionType", + "type": "string" + }, + "Values": { + "items": { + "type": "string" + }, + "markdownDescription": "", + "title": "Values", + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.ProfileTypeDimension": { + "additionalProperties": false, + "properties": { + "DimensionType": { + "markdownDescription": "The action to segment on.", + "title": "DimensionType", + "type": "string" + }, + "Values": { + "items": { + "type": "string" + }, + "markdownDescription": "The values to apply the DimensionType on.", + "title": "Values", + "type": "array" + } + }, + "required": [ + "DimensionType", + "Values" + ], + "type": "object" + }, + "AWS::CustomerProfiles::SegmentDefinition.RangeOverride": { "additionalProperties": false, "properties": { - "CalculatedAttributes": { - "additionalProperties": false, - "markdownDescription": "Object that holds the calculated attributes to segment on.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.CalculatedAttributeDimension" - } - }, - "title": "CalculatedAttributes", - "type": "object" + "End": { + "markdownDescription": "The end time of when to include objects.", + "title": "End", + "type": "number" }, - "ProfileAttributes": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileAttributes", - "markdownDescription": "Object that holds the profile attributes to segment on.", - "title": "ProfileAttributes" - } - }, - "type": "object" - }, - "AWS::CustomerProfiles::SegmentDefinition.ExtraLengthValueProfileDimension": { - "additionalProperties": false, - "properties": { - "DimensionType": { - "markdownDescription": "The action to segment with.", - "title": "DimensionType", - "type": "string" + "Start": { + "markdownDescription": "The start time of when to include objects.", + "title": "Start", + "type": "number" }, - "Values": { - "items": { - "type": "string" - }, - "markdownDescription": "The values to apply the DimensionType on.", - "title": "Values", - "type": "array" + "Unit": { + "markdownDescription": "The unit for start and end.", + "title": "Unit", + "type": "string" } }, "required": [ - "DimensionType", - "Values" + "Start", + "Unit" ], "type": "object" }, - "AWS::CustomerProfiles::SegmentDefinition.Group": { + "AWS::CustomerProfiles::SegmentDefinition.SegmentGroup": { "additionalProperties": false, "properties": { - "Dimensions": { - "items": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.Dimension" - }, - "markdownDescription": "Defines the attributes to segment on.", - "title": "Dimensions", - "type": "array" - }, - "SourceSegments": { + "Groups": { "items": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.SourceSegment" + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.Group" }, - "markdownDescription": "Defines the starting source of data.", - "title": "SourceSegments", + "markdownDescription": "Holds the list of groups within the segment definition.", + "title": "Groups", "type": "array" }, - "SourceType": { - "markdownDescription": "Defines how to interact with the source data.", - "title": "SourceType", - "type": "string" - }, - "Type": { - "markdownDescription": "Defines how to interact with the profiles found in the current filtering.", - "title": "Type", + "Include": { + "markdownDescription": "Defines whether to include or exclude the profiles that fit the segment criteria.", + "title": "Include", "type": "string" } }, "type": "object" }, - "AWS::CustomerProfiles::SegmentDefinition.ProfileAttributes": { + "AWS::CustomerProfiles::SegmentDefinition.SegmentSort": { "additionalProperties": false, "properties": { - "AccountNumber": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within account number.", - "title": "AccountNumber" - }, - "AdditionalInformation": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ExtraLengthValueProfileDimension", - "markdownDescription": "A field to describe values to segment on within additional information.", - "title": "AdditionalInformation" - }, - "Address": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", - "markdownDescription": "A field to describe values to segment on within address.", - "title": "Address" - }, "Attributes": { - "additionalProperties": false, - "markdownDescription": "A field to describe values to segment on within attributes.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AttributeDimension" - } - }, - "title": "Attributes", - "type": "object" - }, - "BillingAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", - "markdownDescription": "A field to describe values to segment on within billing address.", - "title": "BillingAddress" - }, - "BirthDate": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.DateDimension", - "markdownDescription": "A field to describe values to segment on within birthDate.", - "title": "BirthDate" - }, - "BusinessEmailAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within business email address.", - "title": "BusinessEmailAddress" - }, - "BusinessName": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within business name.", - "title": "BusinessName" - }, - "BusinessPhoneNumber": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within business phone number.", - "title": "BusinessPhoneNumber" - }, - "EmailAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within email address.", - "title": "EmailAddress" - }, - "FirstName": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within first name.", - "title": "FirstName" - }, - "GenderString": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within genderString.", - "title": "GenderString" - }, - "HomePhoneNumber": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within home phone number.", - "title": "HomePhoneNumber" - }, - "LastName": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within last name.", - "title": "LastName" - }, - "MailingAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", - "markdownDescription": "A field to describe values to segment on within mailing address.", - "title": "MailingAddress" - }, - "MiddleName": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within middle name.", - "title": "MiddleName" - }, - "MobilePhoneNumber": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within mobile phone number.", - "title": "MobilePhoneNumber" - }, - "PartyTypeString": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within partyTypeString.", - "title": "PartyTypeString" - }, - "PersonalEmailAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within personal email address.", - "title": "PersonalEmailAddress" - }, - "PhoneNumber": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileDimension", - "markdownDescription": "A field to describe values to segment on within phone number.", - "title": "PhoneNumber" - }, - "ProfileType": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.ProfileTypeDimension", - "markdownDescription": "The type of profile.", - "title": "ProfileType" - }, - "ShippingAddress": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.AddressDimension", - "markdownDescription": "A field to describe values to segment on within shipping address.", - "title": "ShippingAddress" - } - }, - "type": "object" - }, - "AWS::CustomerProfiles::SegmentDefinition.ProfileDimension": { - "additionalProperties": false, - "properties": { - "DimensionType": { - "markdownDescription": "The action to segment on.", - "title": "DimensionType", - "type": "string" - }, - "Values": { "items": { - "type": "string" + "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.SortAttribute" }, - "markdownDescription": "", - "title": "Values", "type": "array" } }, "required": [ - "DimensionType", - "Values" + "Attributes" ], "type": "object" }, - "AWS::CustomerProfiles::SegmentDefinition.ProfileTypeDimension": { + "AWS::CustomerProfiles::SegmentDefinition.SortAttribute": { "additionalProperties": false, "properties": { - "DimensionType": { - "markdownDescription": "The action to segment on.", - "title": "DimensionType", + "DataType": { "type": "string" }, - "Values": { - "items": { - "type": "string" - }, - "markdownDescription": "The values to apply the DimensionType on.", - "title": "Values", - "type": "array" - } - }, - "required": [ - "DimensionType", - "Values" - ], - "type": "object" - }, - "AWS::CustomerProfiles::SegmentDefinition.RangeOverride": { - "additionalProperties": false, - "properties": { - "End": { - "markdownDescription": "The end time of when to include objects.", - "title": "End", - "type": "number" + "Name": { + "type": "string" }, - "Start": { - "markdownDescription": "The start time of when to include objects.", - "title": "Start", - "type": "number" + "Order": { + "type": "string" }, - "Unit": { - "markdownDescription": "The unit for start and end.", - "title": "Unit", + "Type": { "type": "string" } }, "required": [ - "Start", - "Unit" + "Name", + "Order" ], "type": "object" }, - "AWS::CustomerProfiles::SegmentDefinition.SegmentGroup": { - "additionalProperties": false, - "properties": { - "Groups": { - "items": { - "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition.Group" - }, - "markdownDescription": "Holds the list of groups within the segment definition.", - "title": "Groups", - "type": "array" - }, - "Include": { - "markdownDescription": "Defines whether to include or exclude the profiles that fit the segment criteria.", - "title": "Include", - "type": "string" - } - }, - "type": "object" - }, "AWS::CustomerProfiles::SegmentDefinition.SourceSegment": { "additionalProperties": false, "properties": { @@ -81494,6 +84789,12 @@ "AWS::DLM::LifecyclePolicy.FastRestoreRule": { "additionalProperties": false, "properties": { + "AvailabilityZoneIds": { + "items": { + "type": "string" + }, + "type": "array" + }, "AvailabilityZones": { "items": { "type": "string" @@ -88258,6 +91559,46 @@ ], "type": "object" }, + "AWS::DataSync::LocationFSxONTAP.CmkSecretConfig": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DataSync::LocationFSxONTAP.CustomSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretAccessRoleArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretAccessRoleArn", + "SecretArn" + ], + "type": "object" + }, + "AWS::DataSync::LocationFSxONTAP.ManagedSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretArn" + ], + "type": "object" + }, "AWS::DataSync::LocationFSxONTAP.NFS": { "additionalProperties": false, "properties": { @@ -88302,11 +91643,20 @@ "AWS::DataSync::LocationFSxONTAP.SMB": { "additionalProperties": false, "properties": { + "CmkSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationFSxONTAP.CmkSecretConfig" + }, + "CustomSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationFSxONTAP.CustomSecretConfig" + }, "Domain": { "markdownDescription": "Specifies the name of the Windows domain that your storage virtual machine (SVM) belongs to.\n\nIf you have multiple domains in your environment, configuring this setting makes sure that DataSync connects to the right SVM.\n\nIf you have multiple Active Directory domains in your environment, configuring this parameter makes sure that DataSync connects to the right SVM.", "title": "Domain", "type": "string" }, + "ManagedSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationFSxONTAP.ManagedSecretConfig" + }, "MountOptions": { "$ref": "#/definitions/AWS::DataSync::LocationFSxONTAP.SmbMountOptions", "markdownDescription": "Specifies how DataSync can access a location using the SMB protocol.", @@ -88325,7 +91675,6 @@ }, "required": [ "MountOptions", - "Password", "User" ], "type": "object" @@ -88506,6 +91855,12 @@ "Properties": { "additionalProperties": false, "properties": { + "CmkSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationFSxWindows.CmkSecretConfig" + }, + "CustomSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationFSxWindows.CustomSecretConfig" + }, "Domain": { "markdownDescription": "Specifies the name of the Windows domain that the FSx for Windows File Server file system belongs to.\n\nIf you have multiple Active Directory domains in your environment, configuring this parameter makes sure that DataSync connects to the right file system.", "title": "Domain", @@ -88575,6 +91930,46 @@ ], "type": "object" }, + "AWS::DataSync::LocationFSxWindows.CmkSecretConfig": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DataSync::LocationFSxWindows.CustomSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretAccessRoleArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretAccessRoleArn", + "SecretArn" + ], + "type": "object" + }, + "AWS::DataSync::LocationFSxWindows.ManagedSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretArn" + ], + "type": "object" + }, "AWS::DataSync::LocationHDFS": { "additionalProperties": false, "properties": { @@ -88628,6 +92023,12 @@ "title": "BlockSize", "type": "number" }, + "CmkSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationHDFS.CmkSecretConfig" + }, + "CustomSecretConfig": { + "$ref": "#/definitions/AWS::DataSync::LocationHDFS.CustomSecretConfig" + }, "KerberosKeytab": { "markdownDescription": "The Kerberos key table (keytab) that contains mappings between the defined Kerberos principal and the encrypted keys. Provide the base64-encoded file text. If `KERBEROS` is specified for `AuthType` , this value is required.", "title": "KerberosKeytab", @@ -88713,6 +92114,46 @@ ], "type": "object" }, + "AWS::DataSync::LocationHDFS.CmkSecretConfig": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DataSync::LocationHDFS.CustomSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretAccessRoleArn": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretAccessRoleArn", + "SecretArn" + ], + "type": "object" + }, + "AWS::DataSync::LocationHDFS.ManagedSecretConfig": { + "additionalProperties": false, + "properties": { + "SecretArn": { + "type": "string" + } + }, + "required": [ + "SecretArn" + ], + "type": "object" + }, "AWS::DataSync::LocationHDFS.NameNode": { "additionalProperties": false, "properties": { @@ -90090,6 +93531,12 @@ "$ref": "#/definitions/AWS::DataZone::Connection.SparkGluePropertiesInput", "markdownDescription": "The Spark AWS Glue properties of a connection.", "title": "SparkGlueProperties" + }, + "WorkflowsMwaaProperties": { + "$ref": "#/definitions/AWS::DataZone::Connection.WorkflowsMwaaPropertiesInput" + }, + "WorkflowsServerlessProperties": { + "type": "object" } }, "type": "object" @@ -90587,6 +94034,15 @@ ], "type": "object" }, + "AWS::DataZone::Connection.WorkflowsMwaaPropertiesInput": { + "additionalProperties": false, + "properties": { + "MwaaEnvironmentName": { + "type": "string" + } + }, + "type": "object" + }, "AWS::DataZone::DataSource": { "additionalProperties": false, "properties": { @@ -92551,6 +96007,12 @@ "title": "ProjectProfileVersion", "type": "string" }, + "ResourceTags": { + "items": { + "$ref": "#/definitions/AWS::DataZone::Project.ResourceTag" + }, + "type": "array" + }, "UserParameters": { "items": { "$ref": "#/definitions/AWS::DataZone::Project.EnvironmentConfigurationUserParameter" @@ -92627,6 +96089,22 @@ }, "type": "object" }, + "AWS::DataZone::Project.ResourceTag": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "required": [ + "Key", + "Value" + ], + "type": "object" + }, "AWS::DataZone::ProjectMembership": { "additionalProperties": false, "properties": { @@ -92763,6 +96241,9 @@ "Properties": { "additionalProperties": false, "properties": { + "AllowCustomProjectResourceTags": { + "type": "boolean" + }, "Description": { "markdownDescription": "The description of the project profile.", "title": "Description", @@ -92791,6 +96272,15 @@ "title": "Name", "type": "string" }, + "ProjectResourceTags": { + "items": { + "$ref": "#/definitions/AWS::DataZone::ProjectProfile.ResourceTagParameter" + }, + "type": "array" + }, + "ProjectResourceTagsDescription": { + "type": "string" + }, "Status": { "markdownDescription": "The status of a project profile.", "title": "Status", @@ -92958,6 +96448,26 @@ ], "type": "object" }, + "AWS::DataZone::ProjectProfile.ResourceTagParameter": { + "additionalProperties": false, + "properties": { + "IsValueEditable": { + "type": "boolean" + }, + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "required": [ + "IsValueEditable", + "Key", + "Value" + ], + "type": "object" + }, "AWS::DataZone::SubscriptionTarget": { "additionalProperties": false, "properties": { @@ -93266,6 +96776,9 @@ "Properties": { "additionalProperties": false, "properties": { + "CostScaleFactor": { + "type": "number" + }, "Description": { "markdownDescription": "A description of the farm that helps identify what the farm is used for.\n\n> This field can store any content. Escape or encode this content before displaying it on a webpage or any other system that might interpret the content of this field.", "title": "Description", @@ -93509,9 +97022,27 @@ ], "type": "object" }, + "AWS::Deadline::Fleet.CustomerManagedAutoScalingConfiguration": { + "additionalProperties": false, + "properties": { + "ScaleOutWorkersPerMinute": { + "type": "number" + }, + "StandbyWorkerCount": { + "type": "number" + }, + "WorkerIdleDurationSeconds": { + "type": "number" + } + }, + "type": "object" + }, "AWS::Deadline::Fleet.CustomerManagedFleetConfiguration": { "additionalProperties": false, "properties": { + "AutoScalingConfiguration": { + "$ref": "#/definitions/AWS::Deadline::Fleet.CustomerManagedAutoScalingConfiguration" + }, "Mode": { "markdownDescription": "The Auto Scaling mode for the customer managed fleet.", "title": "Mode", @@ -93750,9 +97281,27 @@ ], "type": "object" }, + "AWS::Deadline::Fleet.ServiceManagedEc2AutoScalingConfiguration": { + "additionalProperties": false, + "properties": { + "ScaleOutWorkersPerMinute": { + "type": "number" + }, + "StandbyWorkerCount": { + "type": "number" + }, + "WorkerIdleDurationSeconds": { + "type": "number" + } + }, + "type": "object" + }, "AWS::Deadline::Fleet.ServiceManagedEc2FleetConfiguration": { "additionalProperties": false, "properties": { + "AutoScalingConfiguration": { + "$ref": "#/definitions/AWS::Deadline::Fleet.ServiceManagedEc2AutoScalingConfiguration" + }, "InstanceCapabilities": { "$ref": "#/definitions/AWS::Deadline::Fleet.ServiceManagedEc2InstanceCapabilities", "markdownDescription": "The instance capabilities for the service managed EC2 fleet.", @@ -94197,6 +97746,9 @@ "title": "IdentityCenterInstanceArn", "type": "string" }, + "IdentityCenterRegion": { + "type": "string" + }, "RoleArn": { "markdownDescription": "The Amazon Resource Name of the IAM role for the monitor. Users of the monitor use this role to access Deadline Cloud resources.", "title": "RoleArn", @@ -94331,6 +97883,9 @@ "title": "RoleArn", "type": "string" }, + "SchedulingConfiguration": { + "$ref": "#/definitions/AWS::Deadline::Queue.SchedulingConfiguration" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -94431,6 +97986,81 @@ ], "type": "object" }, + "AWS::Deadline::Queue.PriorityBalancedSchedulingConfiguration": { + "additionalProperties": false, + "properties": { + "RenderingTaskBuffer": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::Deadline::Queue.SchedulingConfiguration": { + "additionalProperties": false, + "properties": { + "PriorityBalanced": { + "$ref": "#/definitions/AWS::Deadline::Queue.PriorityBalancedSchedulingConfiguration" + }, + "PriorityFifo": { + "type": "object" + }, + "WeightedBalanced": { + "$ref": "#/definitions/AWS::Deadline::Queue.WeightedBalancedSchedulingConfiguration" + } + }, + "type": "object" + }, + "AWS::Deadline::Queue.SchedulingMaxPriorityOverride": { + "additionalProperties": false, + "properties": { + "AlwaysScheduleFirst": { + "type": "object" + } + }, + "required": [ + "AlwaysScheduleFirst" + ], + "type": "object" + }, + "AWS::Deadline::Queue.SchedulingMinPriorityOverride": { + "additionalProperties": false, + "properties": { + "AlwaysScheduleLast": { + "type": "object" + } + }, + "required": [ + "AlwaysScheduleLast" + ], + "type": "object" + }, + "AWS::Deadline::Queue.WeightedBalancedSchedulingConfiguration": { + "additionalProperties": false, + "properties": { + "ErrorWeight": { + "type": "number" + }, + "MaxPriorityOverride": { + "$ref": "#/definitions/AWS::Deadline::Queue.SchedulingMaxPriorityOverride" + }, + "MinPriorityOverride": { + "$ref": "#/definitions/AWS::Deadline::Queue.SchedulingMinPriorityOverride" + }, + "PriorityWeight": { + "type": "number" + }, + "RenderingTaskBuffer": { + "type": "number" + }, + "RenderingTaskWeight": { + "type": "number" + }, + "SubmissionTimeWeight": { + "type": "number" + } + }, + "type": "object" + }, "AWS::Deadline::Queue.WindowsUser": { "additionalProperties": false, "properties": { @@ -95080,6 +98710,9 @@ "title": "Description", "type": "string" }, + "KmsKeyArn": { + "type": "string" + }, "Name": { "markdownDescription": "The name of the Agent Space.", "title": "Name", @@ -95087,6 +98720,12 @@ }, "OperatorApp": { "$ref": "#/definitions/AWS::DevOpsAgent::AgentSpace.OperatorApp" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" } }, "required": [ @@ -95780,11 +99419,20 @@ "Properties": { "additionalProperties": false, "properties": { + "KmsKeyArn": { + "type": "string" + }, "ServiceDetails": { "$ref": "#/definitions/AWS::DevOpsAgent::Service.ServiceDetails" }, "ServiceType": { "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" } }, "required": [ @@ -96453,20 +100101,624 @@ "Properties": { "additionalProperties": false, "properties": { - "ResourceCollectionFilter": { - "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.ResourceCollectionFilter", - "markdownDescription": "Information about a filter used to specify which AWS resources are analyzed for anomalous behavior by DevOps Guru.", - "title": "ResourceCollectionFilter" + "ResourceCollectionFilter": { + "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.ResourceCollectionFilter", + "markdownDescription": "Information about a filter used to specify which AWS resources are analyzed for anomalous behavior by DevOps Guru.", + "title": "ResourceCollectionFilter" + } + }, + "required": [ + "ResourceCollectionFilter" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DevOpsGuru::ResourceCollection" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DevOpsGuru::ResourceCollection.CloudFormationCollectionFilter": { + "additionalProperties": false, + "properties": { + "StackNames": { + "items": { + "type": "string" + }, + "markdownDescription": "An array of CloudFormation stack names.", + "title": "StackNames", + "type": "array" + } + }, + "type": "object" + }, + "AWS::DevOpsGuru::ResourceCollection.ResourceCollectionFilter": { + "additionalProperties": false, + "properties": { + "CloudFormation": { + "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.CloudFormationCollectionFilter", + "markdownDescription": "Information about AWS CloudFormation stacks. You can use up to 1000 stacks to specify which AWS resources in your account to analyze. For more information, see [Stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html) in the *AWS CloudFormation User Guide* .", + "title": "CloudFormation" + }, + "Tags": { + "items": { + "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.TagCollection" + }, + "markdownDescription": "The AWS tags used to filter the resources in the resource collection.\n\nTags help you identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an AWS Lambda function. For more information about using tags, see the [Tagging best practices](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/tagging-best-practices.html) whitepaper.\n\nEach AWS tag has two parts.\n\n- A tag *key* (for example, `CostCenter` , `Environment` , `Project` , or `Secret` ). Tag *keys* are case-sensitive.\n- A field known as a tag *value* (for example, `111122223333` , `Production` , or a team name). Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive. The tag value is a required property when AppBoundaryKey is specified.\n\nTogether these are known as *key* - *value* pairs.\n\n> The string used for a *key* in a tag that you use to define your resource coverage must begin with the prefix `Devops-guru-` . The tag *key* might be `DevOps-Guru-deployment-application` or `devops-guru-rds-application` . When you create a *key* , the case of characters in the *key* can be whatever you choose. After you create a *key* , it is case-sensitive. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` , and these act as two different *keys* . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", + "title": "Tags", + "type": "array" + } + }, + "type": "object" + }, + "AWS::DevOpsGuru::ResourceCollection.TagCollection": { + "additionalProperties": false, + "properties": { + "AppBoundaryKey": { + "markdownDescription": "An AWS tag *key* that is used to identify the AWS resources that DevOps Guru analyzes. All AWS resources in your account and Region tagged with this *key* make up your DevOps Guru application and analysis boundary.\n\n> When you create a *key* , the case of characters in the *key* can be whatever you choose. After you create a *key* , it is case-sensitive. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` , and these act as two different *keys* . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", + "title": "AppBoundaryKey", + "type": "string" + }, + "TagValues": { + "items": { + "type": "string" + }, + "markdownDescription": "The values in an AWS tag collection.\n\nThe tag's *value* is a field used to associate a string with the tag *key* (for example, `111122223333` , `Production` , or a team name). The *key* and *value* are the tag's *key* pair. Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive. You can specify a maximum of 256 characters for a tag value. The tag value is a required property when *AppBoundaryKey* is specified.", + "title": "TagValues", + "type": "array" + } + }, + "type": "object" + }, + "AWS::DirectConnect::Connection": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Bandwidth": { + "type": "string" + }, + "ConnectionName": { + "type": "string" + }, + "LagId": { + "type": "string" + }, + "Location": { + "type": "string" + }, + "ProviderName": { + "type": "string" + }, + "RequestMACSec": { + "type": "boolean" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Bandwidth", + "ConnectionName", + "Location" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::Connection" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DirectConnect::DirectConnectGateway": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AmazonSideAsn": { + "type": "string" + }, + "DirectConnectGatewayName": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "DirectConnectGatewayName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::DirectConnectGateway" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DirectConnect::DirectConnectGatewayAssociation": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AcceptDirectConnectGatewayAssociationProposalRoleArn": { + "type": "string" + }, + "AllowedPrefixesToDirectConnectGateway": { + "items": { + "type": "string" + }, + "type": "array" + }, + "AssociatedGatewayId": { + "type": "string" + }, + "DirectConnectGatewayId": { + "type": "string" + } + }, + "required": [ + "AssociatedGatewayId", + "DirectConnectGatewayId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::DirectConnectGatewayAssociation" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DirectConnect::Lag": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ConnectionsBandwidth": { + "type": "string" + }, + "LagName": { + "type": "string" + }, + "Location": { + "type": "string" + }, + "MinimumLinks": { + "type": "number" + }, + "ProviderName": { + "type": "string" + }, + "RequestMACSec": { + "type": "boolean" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "ConnectionsBandwidth", + "LagName", + "Location" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::Lag" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DirectConnect::PrivateVirtualInterface": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AllocatePrivateVirtualInterfaceRoleArn": { + "type": "string" + }, + "BgpPeers": { + "items": { + "$ref": "#/definitions/AWS::DirectConnect::PrivateVirtualInterface.BgpPeer" + }, + "type": "array" + }, + "ConnectionId": { + "type": "string" + }, + "DirectConnectGatewayId": { + "type": "string" + }, + "EnableSiteLink": { + "type": "boolean" + }, + "Mtu": { + "type": "number" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "VirtualGatewayId": { + "type": "string" + }, + "VirtualInterfaceName": { + "type": "string" + }, + "Vlan": { + "type": "number" + } + }, + "required": [ + "BgpPeers", + "ConnectionId", + "VirtualInterfaceName", + "Vlan" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::PrivateVirtualInterface" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DirectConnect::PrivateVirtualInterface.BgpPeer": { + "additionalProperties": false, + "properties": { + "AddressFamily": { + "type": "string" + }, + "AmazonAddress": { + "type": "string" + }, + "Asn": { + "type": "string" + }, + "AuthKey": { + "type": "string" + }, + "BgpPeerId": { + "type": "string" + }, + "CustomerAddress": { + "type": "string" + } + }, + "required": [ + "AddressFamily", + "Asn" + ], + "type": "object" + }, + "AWS::DirectConnect::PublicVirtualInterface": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AllocatePublicVirtualInterfaceRoleArn": { + "type": "string" + }, + "BgpPeers": { + "items": { + "$ref": "#/definitions/AWS::DirectConnect::PublicVirtualInterface.BgpPeer" + }, + "type": "array" + }, + "ConnectionId": { + "type": "string" + }, + "RouteFilterPrefixes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "VirtualInterfaceName": { + "type": "string" + }, + "Vlan": { + "type": "number" } }, "required": [ - "ResourceCollectionFilter" + "BgpPeers", + "ConnectionId", + "VirtualInterfaceName", + "Vlan" ], "type": "object" }, "Type": { "enum": [ - "AWS::DevOpsGuru::ResourceCollection" + "AWS::DirectConnect::PublicVirtualInterface" ], "type": "string" }, @@ -96485,56 +100737,159 @@ ], "type": "object" }, - "AWS::DevOpsGuru::ResourceCollection.CloudFormationCollectionFilter": { + "AWS::DirectConnect::PublicVirtualInterface.BgpPeer": { "additionalProperties": false, "properties": { - "StackNames": { - "items": { - "type": "string" - }, - "markdownDescription": "An array of CloudFormation stack names.", - "title": "StackNames", - "type": "array" + "AddressFamily": { + "type": "string" + }, + "AmazonAddress": { + "type": "string" + }, + "Asn": { + "type": "string" + }, + "AuthKey": { + "type": "string" + }, + "BgpPeerId": { + "type": "string" + }, + "CustomerAddress": { + "type": "string" } }, + "required": [ + "AddressFamily", + "Asn" + ], "type": "object" }, - "AWS::DevOpsGuru::ResourceCollection.ResourceCollectionFilter": { + "AWS::DirectConnect::TransitVirtualInterface": { "additionalProperties": false, "properties": { - "CloudFormation": { - "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.CloudFormationCollectionFilter", - "markdownDescription": "Information about AWS CloudFormation stacks. You can use up to 1000 stacks to specify which AWS resources in your account to analyze. For more information, see [Stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html) in the *AWS CloudFormation User Guide* .", - "title": "CloudFormation" + "Condition": { + "type": "string" }, - "Tags": { - "items": { - "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection.TagCollection" + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AllocateTransitVirtualInterfaceRoleArn": { + "type": "string" + }, + "BgpPeers": { + "items": { + "$ref": "#/definitions/AWS::DirectConnect::TransitVirtualInterface.BgpPeer" + }, + "type": "array" + }, + "ConnectionId": { + "type": "string" + }, + "DirectConnectGatewayId": { + "type": "string" + }, + "EnableSiteLink": { + "type": "boolean" + }, + "Mtu": { + "type": "number" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "VirtualInterfaceName": { + "type": "string" + }, + "Vlan": { + "type": "number" + } }, - "markdownDescription": "The AWS tags used to filter the resources in the resource collection.\n\nTags help you identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an AWS Lambda function. For more information about using tags, see the [Tagging best practices](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/tagging-best-practices.html) whitepaper.\n\nEach AWS tag has two parts.\n\n- A tag *key* (for example, `CostCenter` , `Environment` , `Project` , or `Secret` ). Tag *keys* are case-sensitive.\n- A field known as a tag *value* (for example, `111122223333` , `Production` , or a team name). Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive. The tag value is a required property when AppBoundaryKey is specified.\n\nTogether these are known as *key* - *value* pairs.\n\n> The string used for a *key* in a tag that you use to define your resource coverage must begin with the prefix `Devops-guru-` . The tag *key* might be `DevOps-Guru-deployment-application` or `devops-guru-rds-application` . When you create a *key* , the case of characters in the *key* can be whatever you choose. After you create a *key* , it is case-sensitive. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` , and these act as two different *keys* . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", - "title": "Tags", - "type": "array" + "required": [ + "BgpPeers", + "ConnectionId", + "DirectConnectGatewayId", + "VirtualInterfaceName", + "Vlan" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DirectConnect::TransitVirtualInterface" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" } }, + "required": [ + "Type", + "Properties" + ], "type": "object" }, - "AWS::DevOpsGuru::ResourceCollection.TagCollection": { + "AWS::DirectConnect::TransitVirtualInterface.BgpPeer": { "additionalProperties": false, "properties": { - "AppBoundaryKey": { - "markdownDescription": "An AWS tag *key* that is used to identify the AWS resources that DevOps Guru analyzes. All AWS resources in your account and Region tagged with this *key* make up your DevOps Guru application and analysis boundary.\n\n> When you create a *key* , the case of characters in the *key* can be whatever you choose. After you create a *key* , it is case-sensitive. For example, DevOps Guru works with a *key* named `devops-guru-rds` and a *key* named `DevOps-Guru-RDS` , and these act as two different *keys* . Possible *key* / *value* pairs in your application might be `Devops-Guru-production-application/RDS` or `Devops-Guru-production-application/containers` .", - "title": "AppBoundaryKey", + "AddressFamily": { "type": "string" }, - "TagValues": { - "items": { - "type": "string" - }, - "markdownDescription": "The values in an AWS tag collection.\n\nThe tag's *value* is a field used to associate a string with the tag *key* (for example, `111122223333` , `Production` , or a team name). The *key* and *value* are the tag's *key* pair. Omitting the tag *value* is the same as using an empty string. Like tag *keys* , tag *values* are case-sensitive. You can specify a maximum of 256 characters for a tag value. The tag value is a required property when *AppBoundaryKey* is specified.", - "title": "TagValues", - "type": "array" + "AmazonAddress": { + "type": "string" + }, + "Asn": { + "type": "string" + }, + "AuthKey": { + "type": "string" + }, + "BgpPeerId": { + "type": "string" + }, + "CustomerAddress": { + "type": "string" } }, + "required": [ + "AddressFamily", + "Asn" + ], "type": "object" }, "AWS::DirectoryService::MicrosoftAD": { @@ -99694,6 +104049,9 @@ "title": "TrafficIpAddressType", "type": "string" }, + "TransitGatewayConfiguration": { + "$ref": "#/definitions/AWS::EC2::ClientVpnEndpoint.TransitGatewayConfiguration" + }, "TransportProtocol": { "markdownDescription": "The transport protocol to be used by the VPN session.\n\nDefault value: `udp`", "title": "TransportProtocol", @@ -99910,6 +104268,30 @@ ], "type": "object" }, + "AWS::EC2::ClientVpnEndpoint.TransitGatewayConfiguration": { + "additionalProperties": false, + "properties": { + "AvailabilityZoneIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "AvailabilityZones": { + "items": { + "type": "string" + }, + "type": "array" + }, + "TransitGatewayId": { + "type": "string" + } + }, + "required": [ + "TransitGatewayId" + ], + "type": "object" + }, "AWS::EC2::ClientVpnRoute": { "additionalProperties": false, "properties": { @@ -99968,8 +104350,7 @@ }, "required": [ "ClientVpnEndpointId", - "DestinationCidrBlock", - "TargetVpcSubnetId" + "DestinationCidrBlock" ], "type": "object" }, @@ -100029,6 +104410,12 @@ "Properties": { "additionalProperties": false, "properties": { + "AvailabilityZone": { + "type": "string" + }, + "AvailabilityZoneId": { + "type": "string" + }, "ClientVpnEndpointId": { "markdownDescription": "The ID of the Client VPN endpoint.", "title": "ClientVpnEndpointId", @@ -100041,8 +104428,7 @@ } }, "required": [ - "ClientVpnEndpointId", - "SubnetId" + "ClientVpnEndpointId" ], "type": "object" }, @@ -100336,6 +104722,9 @@ "title": "ReplaceUnhealthyInstances", "type": "boolean" }, + "ReservedCapacityOptions": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.ReservedCapacityOptionsRequest" + }, "SpotOptions": { "$ref": "#/definitions/AWS::EC2::EC2Fleet.SpotOptionsRequest", "markdownDescription": "Describes the configuration of Spot Instances in an EC2 Fleet.", @@ -100609,6 +104998,9 @@ "title": "BlockDeviceMappings", "type": "array" }, + "IamInstanceProfile": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.IamInstanceProfileSpecification" + }, "InstanceRequirements": { "$ref": "#/definitions/AWS::EC2::EC2Fleet.InstanceRequirementsRequest", "markdownDescription": "The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.\n\n> If you specify `InstanceRequirements` , you can't specify `InstanceType` .", @@ -100619,11 +105011,23 @@ "title": "InstanceType", "type": "string" }, + "KeyName": { + "type": "string" + }, "MaxPrice": { "markdownDescription": "The maximum price per unit hour that you are willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.\n\n> If you specify a maximum price, your instances will be interrupted more frequently than if you do not specify this parameter.\n> \n> If you specify a maximum price, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an `InvalidParameterValue` error message.", "title": "MaxPrice", "type": "string" }, + "MetadataOptions": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.InstanceMetadataOptionsRequest" + }, + "NetworkInterfaces": { + "items": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.NetworkInterfaceSpecificationRequest" + }, + "type": "array" + }, "Placement": { "$ref": "#/definitions/AWS::EC2::EC2Fleet.Placement", "markdownDescription": "The location where the instance launched, if applicable.", @@ -100660,6 +105064,9 @@ "title": "LaunchTemplateName", "type": "string" }, + "LaunchTemplateSpecificationUserData": { + "type": "string" + }, "Version": { "markdownDescription": "The launch template version number, `$Latest` , or `$Default` . You must specify a value, otherwise the request fails.\n\nIf the value is `$Latest` , Amazon EC2 uses the latest version of the launch template.\n\nIf the value is `$Default` , Amazon EC2 uses the default version of the launch template.", "title": "Version", @@ -100671,6 +105078,33 @@ ], "type": "object" }, + "AWS::EC2::EC2Fleet.IamInstanceProfileSpecification": { + "additionalProperties": false, + "properties": { + "Arn": { + "type": "string" + }, + "Name": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::EC2::EC2Fleet.InstanceMetadataOptionsRequest": { + "additionalProperties": false, + "properties": { + "HttpEndpoint": { + "type": "string" + }, + "HttpPutResponseHopLimit": { + "type": "number" + }, + "HttpTokens": { + "type": "string" + } + }, + "type": "object" + }, "AWS::EC2::EC2Fleet.InstanceRequirementsRequest": { "additionalProperties": false, "properties": { @@ -100831,6 +105265,15 @@ }, "type": "object" }, + "AWS::EC2::EC2Fleet.Ipv6AddressRequest": { + "additionalProperties": false, + "properties": { + "Ipv6Address": { + "type": "string" + } + }, + "type": "object" + }, "AWS::EC2::EC2Fleet.MaintenanceStrategies": { "additionalProperties": false, "properties": { @@ -100906,6 +105349,63 @@ }, "type": "object" }, + "AWS::EC2::EC2Fleet.NetworkInterfaceSpecificationRequest": { + "additionalProperties": false, + "properties": { + "AssociatePublicIpAddress": { + "type": "boolean" + }, + "DeleteOnTermination": { + "type": "boolean" + }, + "Description": { + "type": "string" + }, + "DeviceIndex": { + "type": "number" + }, + "Groups": { + "items": { + "type": "string" + }, + "type": "array" + }, + "InterfaceType": { + "type": "string" + }, + "Ipv6AddressCount": { + "type": "number" + }, + "Ipv6Addresses": { + "items": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.Ipv6AddressRequest" + }, + "type": "array" + }, + "NetworkCardIndex": { + "type": "number" + }, + "NetworkInterfaceId": { + "type": "string" + }, + "PrivateIpAddress": { + "type": "string" + }, + "PrivateIpAddresses": { + "items": { + "$ref": "#/definitions/AWS::EC2::EC2Fleet.PrivateIpAddressSpecificationRequest" + }, + "type": "array" + }, + "SecondaryPrivateIpAddressCount": { + "type": "number" + }, + "SubnetId": { + "type": "string" + } + }, + "type": "object" + }, "AWS::EC2::EC2Fleet.OnDemandOptionsRequest": { "additionalProperties": false, "properties": { @@ -100999,6 +105499,30 @@ }, "type": "object" }, + "AWS::EC2::EC2Fleet.PrivateIpAddressSpecificationRequest": { + "additionalProperties": false, + "properties": { + "Primary": { + "type": "boolean" + }, + "PrivateIpAddress": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::EC2::EC2Fleet.ReservedCapacityOptionsRequest": { + "additionalProperties": false, + "properties": { + "ReservationTypes": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::EC2::EC2Fleet.SpotOptionsRequest": { "additionalProperties": false, "properties": { @@ -102040,104 +106564,310 @@ "additionalProperties": false, "properties": { "AddressFamily": { - "markdownDescription": "The address family of the pool.", - "title": "AddressFamily", - "type": "string" - }, - "AllocationDefaultNetmaskLength": { - "markdownDescription": "The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.", - "title": "AllocationDefaultNetmaskLength", - "type": "number" - }, - "AllocationMaxNetmaskLength": { - "markdownDescription": "The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.", - "title": "AllocationMaxNetmaskLength", - "type": "number" - }, - "AllocationMinNetmaskLength": { - "markdownDescription": "The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.", - "title": "AllocationMinNetmaskLength", - "type": "number" - }, - "AllocationResourceTags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.", - "title": "AllocationResourceTags", - "type": "array" - }, - "AutoImport": { - "markdownDescription": "If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.\n\nA locale must be set on the pool for this feature to work.", - "title": "AutoImport", - "type": "boolean" - }, - "AwsService": { - "markdownDescription": "Limits which service in AWS that the pool can be used in. \"ec2\", for example, allows users to use space for Elastic IP addresses and VPCs.", - "title": "AwsService", + "markdownDescription": "The address family of the pool.", + "title": "AddressFamily", + "type": "string" + }, + "AllocationDefaultNetmaskLength": { + "markdownDescription": "The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.", + "title": "AllocationDefaultNetmaskLength", + "type": "number" + }, + "AllocationMaxNetmaskLength": { + "markdownDescription": "The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.", + "title": "AllocationMaxNetmaskLength", + "type": "number" + }, + "AllocationMinNetmaskLength": { + "markdownDescription": "The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.", + "title": "AllocationMinNetmaskLength", + "type": "number" + }, + "AllocationResourceTags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.", + "title": "AllocationResourceTags", + "type": "array" + }, + "AutoImport": { + "markdownDescription": "If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.\n\nA locale must be set on the pool for this feature to work.", + "title": "AutoImport", + "type": "boolean" + }, + "AwsService": { + "markdownDescription": "Limits which service in AWS that the pool can be used in. \"ec2\", for example, allows users to use space for Elastic IP addresses and VPCs.", + "title": "AwsService", + "type": "string" + }, + "Description": { + "markdownDescription": "The description of the IPAM pool.", + "title": "Description", + "type": "string" + }, + "IpamScopeId": { + "markdownDescription": "The ID of the scope in which you would like to create the IPAM pool.", + "title": "IpamScopeId", + "type": "string" + }, + "Locale": { + "markdownDescription": "The locale of the IPAM pool.\n\nThe locale for the pool should be one of the following:\n\n- An AWS Region where you want this IPAM pool to be available for allocations.\n- The network border group for an AWS Local Zone where you want this IPAM pool to be available for allocations ( [supported Local Zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#byoip-zone-avail) ). This option is only available for IPAM IPv4 pools in the public scope.\n\nIf you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.", + "title": "Locale", + "type": "string" + }, + "ProvisionedCidrs": { + "items": { + "$ref": "#/definitions/AWS::EC2::IPAMPool.ProvisionedCidr" + }, + "markdownDescription": "Information about the CIDRs provisioned to an IPAM pool.", + "title": "ProvisionedCidrs", + "type": "array" + }, + "PublicIpSource": { + "markdownDescription": "The IP address source for pools in the public scope. Only used for provisioning IP address CIDRs to pools in the public scope. Default is `BYOIP` . For more information, see [Create IPv6 pools](https://docs.aws.amazon.com//vpc/latest/ipam/intro-create-ipv6-pools.html) in the *Amazon VPC IPAM User Guide* . By default, you can add only one Amazon-provided IPv6 CIDR block to a top-level IPv6 pool. For information on increasing the default limit, see [Quotas for your IPAM](https://docs.aws.amazon.com//vpc/latest/ipam/quotas-ipam.html) in the *Amazon VPC IPAM User Guide* .", + "title": "PublicIpSource", + "type": "string" + }, + "PubliclyAdvertisable": { + "markdownDescription": "Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to `ipv4` .", + "title": "PubliclyAdvertisable", + "type": "boolean" + }, + "SourceIpamPoolId": { + "markdownDescription": "The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool.", + "title": "SourceIpamPoolId", + "type": "string" + }, + "SourceResource": { + "$ref": "#/definitions/AWS::EC2::IPAMPool.SourceResource", + "markdownDescription": "The resource used to provision CIDRs to a resource planning pool.", + "title": "SourceResource" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key `Owner` and the value `TeamA` , specify `tag:Owner` for the filter name and `TeamA` for the filter value.", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "AddressFamily", + "IpamScopeId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::EC2::IPAMPool" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::EC2::IPAMPool.ProvisionedCidr": { + "additionalProperties": false, + "properties": { + "Cidr": { + "markdownDescription": "The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is `10.24.34.0/23` . An IPv6 CIDR example is `2001:DB8::/32` .", + "title": "Cidr", + "type": "string" + } + }, + "required": [ + "Cidr" + ], + "type": "object" + }, + "AWS::EC2::IPAMPool.SourceResource": { + "additionalProperties": false, + "properties": { + "ResourceId": { + "markdownDescription": "The source resource ID.", + "title": "ResourceId", + "type": "string" + }, + "ResourceOwner": { + "markdownDescription": "The source resource owner.", + "title": "ResourceOwner", + "type": "string" + }, + "ResourceRegion": { + "markdownDescription": "The source resource Region.", + "title": "ResourceRegion", + "type": "string" + }, + "ResourceType": { + "markdownDescription": "The source resource type.", + "title": "ResourceType", + "type": "string" + } + }, + "required": [ + "ResourceId", + "ResourceOwner", + "ResourceRegion", + "ResourceType" + ], + "type": "object" + }, + "AWS::EC2::IPAMPoolCidr": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Cidr": { + "markdownDescription": "The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is `10.24.34.0/23` . An IPv6 CIDR example is `2001:DB8::/32` .", + "title": "Cidr", + "type": "string" + }, + "IpamPoolId": { + "markdownDescription": "The ID of the IPAM pool.", + "title": "IpamPoolId", + "type": "string" + }, + "NetmaskLength": { + "markdownDescription": "The netmask length of the CIDR you'd like to provision to a pool. Can be used for provisioning Amazon-provided IPv6 CIDRs to top-level pools and for provisioning CIDRs to pools with source pools. Cannot be used to provision BYOIP CIDRs to top-level pools. \"NetmaskLength\" or \"Cidr\" is required.", + "title": "NetmaskLength", + "type": "number" + } + }, + "required": [ + "IpamPoolId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::EC2::IPAMPoolCidr" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::EC2::IPAMPrefixListResolver": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AddressFamily": { "type": "string" }, "Description": { - "markdownDescription": "The description of the IPAM pool.", - "title": "Description", "type": "string" }, - "IpamScopeId": { - "markdownDescription": "The ID of the scope in which you would like to create the IPAM pool.", - "title": "IpamScopeId", - "type": "string" - }, - "Locale": { - "markdownDescription": "The locale of the IPAM pool.\n\nThe locale for the pool should be one of the following:\n\n- An AWS Region where you want this IPAM pool to be available for allocations.\n- The network border group for an AWS Local Zone where you want this IPAM pool to be available for allocations ( [supported Local Zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#byoip-zone-avail) ). This option is only available for IPAM IPv4 pools in the public scope.\n\nIf you choose an AWS Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.", - "title": "Locale", + "IpamId": { "type": "string" }, - "ProvisionedCidrs": { + "Rules": { "items": { - "$ref": "#/definitions/AWS::EC2::IPAMPool.ProvisionedCidr" + "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRule" }, - "markdownDescription": "Information about the CIDRs provisioned to an IPAM pool.", - "title": "ProvisionedCidrs", "type": "array" }, - "PublicIpSource": { - "markdownDescription": "The IP address source for pools in the public scope. Only used for provisioning IP address CIDRs to pools in the public scope. Default is `BYOIP` . For more information, see [Create IPv6 pools](https://docs.aws.amazon.com//vpc/latest/ipam/intro-create-ipv6-pools.html) in the *Amazon VPC IPAM User Guide* . By default, you can add only one Amazon-provided IPv6 CIDR block to a top-level IPv6 pool. For information on increasing the default limit, see [Quotas for your IPAM](https://docs.aws.amazon.com//vpc/latest/ipam/quotas-ipam.html) in the *Amazon VPC IPAM User Guide* .", - "title": "PublicIpSource", - "type": "string" - }, - "PubliclyAdvertisable": { - "markdownDescription": "Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to `ipv4` .", - "title": "PubliclyAdvertisable", - "type": "boolean" - }, - "SourceIpamPoolId": { - "markdownDescription": "The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool.", - "title": "SourceIpamPoolId", - "type": "string" - }, - "SourceResource": { - "$ref": "#/definitions/AWS::EC2::IPAMPool.SourceResource", - "markdownDescription": "The resource used to provision CIDRs to a resource planning pool.", - "title": "SourceResource" - }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key `Owner` and the value `TeamA` , specify `tag:Owner` for the filter name and `TeamA` for the filter value.", - "title": "Tags", "type": "array" } }, "required": [ - "AddressFamily", - "IpamScopeId" + "AddressFamily" ], "type": "object" }, "Type": { "enum": [ - "AWS::EC2::IPAMPool" + "AWS::EC2::IPAMPrefixListResolver" ], "type": "string" }, @@ -102156,130 +106886,64 @@ ], "type": "object" }, - "AWS::EC2::IPAMPool.ProvisionedCidr": { - "additionalProperties": false, - "properties": { - "Cidr": { - "markdownDescription": "The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is `10.24.34.0/23` . An IPv6 CIDR example is `2001:DB8::/32` .", - "title": "Cidr", - "type": "string" - } - }, - "required": [ - "Cidr" - ], - "type": "object" - }, - "AWS::EC2::IPAMPool.SourceResource": { + "AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRule": { "additionalProperties": false, "properties": { - "ResourceId": { - "markdownDescription": "The source resource ID.", - "title": "ResourceId", + "Conditions": { + "items": { + "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRuleCondition" + }, + "type": "array" + }, + "IpamScopeId": { "type": "string" }, - "ResourceOwner": { - "markdownDescription": "The source resource owner.", - "title": "ResourceOwner", + "ResourceType": { "type": "string" }, - "ResourceRegion": { - "markdownDescription": "The source resource Region.", - "title": "ResourceRegion", + "RuleType": { "type": "string" }, - "ResourceType": { - "markdownDescription": "The source resource type.", - "title": "ResourceType", + "StaticCidr": { "type": "string" } }, "required": [ - "ResourceId", - "ResourceOwner", - "ResourceRegion", - "ResourceType" + "RuleType" ], "type": "object" }, - "AWS::EC2::IPAMPoolCidr": { + "AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRuleCondition": { "additionalProperties": false, "properties": { - "Condition": { + "Cidr": { "type": "string" }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], + "IpamPoolId": { "type": "string" }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" + "Operation": { + "type": "string" }, - "Properties": { - "additionalProperties": false, - "properties": { - "Cidr": { - "markdownDescription": "The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is `10.24.34.0/23` . An IPv6 CIDR example is `2001:DB8::/32` .", - "title": "Cidr", - "type": "string" - }, - "IpamPoolId": { - "markdownDescription": "The ID of the IPAM pool.", - "title": "IpamPoolId", - "type": "string" - }, - "NetmaskLength": { - "markdownDescription": "The netmask length of the CIDR you'd like to provision to a pool. Can be used for provisioning Amazon-provided IPv6 CIDRs to top-level pools and for provisioning CIDRs to pools with source pools. Cannot be used to provision BYOIP CIDRs to top-level pools. \"NetmaskLength\" or \"Cidr\" is required.", - "title": "NetmaskLength", - "type": "number" - } - }, - "required": [ - "IpamPoolId" - ], - "type": "object" + "ResourceId": { + "type": "string" }, - "Type": { - "enum": [ - "AWS::EC2::IPAMPoolCidr" - ], + "ResourceOwner": { "type": "string" }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], + "ResourceRegion": { "type": "string" + }, + "ResourceTag": { + "$ref": "#/definitions/Tag" } }, "required": [ - "Type", - "Properties" + "Operation" ], "type": "object" }, - "AWS::EC2::IPAMPrefixListResolver": { + "AWS::EC2::IPAMPrefixListResolverTarget": { "additionalProperties": false, "properties": { "Condition": { @@ -102314,36 +106978,39 @@ "Properties": { "additionalProperties": false, "properties": { - "AddressFamily": { - "type": "string" + "DesiredVersion": { + "type": "number" }, - "Description": { + "IpamPrefixListResolverId": { "type": "string" }, - "IpamId": { + "PrefixListId": { "type": "string" }, - "Rules": { - "items": { - "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRule" - }, - "type": "array" + "PrefixListRegion": { + "type": "string" }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, "type": "array" + }, + "TrackLatestVersion": { + "type": "boolean" } }, "required": [ - "AddressFamily" + "IpamPrefixListResolverId", + "PrefixListId", + "PrefixListRegion", + "TrackLatestVersion" ], "type": "object" }, "Type": { "enum": [ - "AWS::EC2::IPAMPrefixListResolver" + "AWS::EC2::IPAMPrefixListResolverTarget" ], "type": "string" }, @@ -102362,63 +107029,6 @@ ], "type": "object" }, - "AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRule": { - "additionalProperties": false, - "properties": { - "Conditions": { - "items": { - "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRuleCondition" - }, - "type": "array" - }, - "IpamScopeId": { - "type": "string" - }, - "ResourceType": { - "type": "string" - }, - "RuleType": { - "type": "string" - }, - "StaticCidr": { - "type": "string" - } - }, - "required": [ - "RuleType" - ], - "type": "object" - }, - "AWS::EC2::IPAMPrefixListResolver.IpamPrefixListResolverRuleCondition": { - "additionalProperties": false, - "properties": { - "Cidr": { - "type": "string" - }, - "IpamPoolId": { - "type": "string" - }, - "Operation": { - "type": "string" - }, - "ResourceId": { - "type": "string" - }, - "ResourceOwner": { - "type": "string" - }, - "ResourceRegion": { - "type": "string" - }, - "ResourceTag": { - "$ref": "#/definitions/Tag" - } - }, - "required": [ - "Operation" - ], - "type": "object" - }, "AWS::EC2::IPAMResourceDiscovery": { "additionalProperties": false, "properties": { @@ -103584,6 +108194,30 @@ ], "type": "object" }, + "AWS::EC2::InstanceConnectEndpoint.InstanceConnectEndpointDnsNames": { + "additionalProperties": false, + "properties": { + "DnsName": { + "type": "string" + }, + "FipsDnsName": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::EC2::InstanceConnectEndpoint.InstanceConnectEndpointPublicDnsNames": { + "additionalProperties": false, + "properties": { + "Dualstack": { + "$ref": "#/definitions/AWS::EC2::InstanceConnectEndpoint.InstanceConnectEndpointDnsNames" + }, + "Ipv4": { + "$ref": "#/definitions/AWS::EC2::InstanceConnectEndpoint.InstanceConnectEndpointDnsNames" + } + }, + "type": "object" + }, "AWS::EC2::InternetGateway": { "additionalProperties": false, "properties": { @@ -110273,6 +114907,74 @@ }, "type": "object" }, + "AWS::EC2::SqlHaStandbyDetectedInstance": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "InstanceId": { + "type": "string" + }, + "SqlServerCredentials": { + "type": "string" + } + }, + "required": [ + "InstanceId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::EC2::SqlHaStandbyDetectedInstance" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, "AWS::EC2::Subnet": { "additionalProperties": false, "properties": { @@ -116938,6 +121640,15 @@ }, "type": "object" }, + "AWS::ECS::CapacityProvider.AutoRepairConfiguration": { + "additionalProperties": false, + "properties": { + "ActionsStatus": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ECS::CapacityProvider.AutoScalingGroupProvider": { "additionalProperties": false, "properties": { @@ -116983,6 +121694,18 @@ }, "type": "object" }, + "AWS::ECS::CapacityProvider.CapacityReservationRequest": { + "additionalProperties": false, + "properties": { + "ReservationGroupArn": { + "type": "string" + }, + "ReservationPreference": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ECS::CapacityProvider.InfrastructureOptimization": { "additionalProperties": false, "properties": { @@ -117002,6 +121725,9 @@ "title": "CapacityOptionType", "type": "string" }, + "CapacityReservations": { + "$ref": "#/definitions/AWS::ECS::CapacityProvider.CapacityReservationRequest" + }, "Ec2InstanceProfileArn": { "markdownDescription": "The Amazon Resource Name (ARN) of the instance profile that Amazon ECS applies to Amazon ECS Managed Instances. This instance profile must include the necessary permissions for your tasks to access AWS services and resources.\n\nFor more information, see [Amazon ECS instance profile for Managed Instances](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/managed-instances-instance-profile.html) in the *Amazon ECS Developer Guide* .", "title": "Ec2InstanceProfileArn", @@ -117010,11 +121736,17 @@ "FipsEnabled": { "type": "boolean" }, + "InstanceMetadataTagsPropagation": { + "type": "boolean" + }, "InstanceRequirements": { "$ref": "#/definitions/AWS::ECS::CapacityProvider.InstanceRequirementsRequest", "markdownDescription": "The instance requirements. You can specify:\n\n- The instance types\n- Instance requirements such as vCPU count, memory, network performance, and accelerator specifications\n\nAmazon ECS automatically selects the instances that match the specified criteria.", "title": "InstanceRequirements" }, + "LocalStorageConfiguration": { + "$ref": "#/definitions/AWS::ECS::CapacityProvider.ManagedInstancesLocalStorageConfiguration" + }, "Monitoring": { "markdownDescription": "CloudWatch provides two categories of monitoring: basic monitoring and detailed monitoring. By default, your managed instance is configured for basic monitoring. You can optionally enable detailed monitoring to help you more quickly identify and act on operational issues. You can enable or turn off detailed monitoring at launch or when the managed instance is running or stopped. For more information, see [Detailed monitoring for Amazon ECS Managed Instances](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/detailed-monitoring-managed-instances.html) in the Amazon ECS Developer Guide.", "title": "Monitoring", @@ -117191,6 +121923,15 @@ ], "type": "object" }, + "AWS::ECS::CapacityProvider.ManagedInstancesLocalStorageConfiguration": { + "additionalProperties": false, + "properties": { + "UseLocalStorage": { + "type": "boolean" + } + }, + "type": "object" + }, "AWS::ECS::CapacityProvider.ManagedInstancesNetworkConfiguration": { "additionalProperties": false, "properties": { @@ -117220,6 +121961,9 @@ "AWS::ECS::CapacityProvider.ManagedInstancesProvider": { "additionalProperties": false, "properties": { + "AutoRepairConfiguration": { + "$ref": "#/definitions/AWS::ECS::CapacityProvider.AutoRepairConfiguration" + }, "InfrastructureOptimization": { "$ref": "#/definitions/AWS::ECS::CapacityProvider.InfrastructureOptimization", "markdownDescription": "Defines how Amazon ECS Managed Instances optimizes the infrastastructure in your capacity provider. Configure it to turn on or off the infrastructure optimization in your capacity provider, and to control the idle or underutilized EC2 instances optimization delay.", @@ -117666,37 +122410,274 @@ "Properties": { "additionalProperties": false, "properties": { - "CapacityProviders": { + "CapacityProviders": { + "items": { + "type": "string" + }, + "markdownDescription": "The capacity providers to associate with the cluster.", + "title": "CapacityProviders", + "type": "array" + }, + "Cluster": { + "markdownDescription": "The cluster the capacity provider association is the target of.", + "title": "Cluster", + "type": "string" + }, + "DefaultCapacityProviderStrategy": { + "items": { + "$ref": "#/definitions/AWS::ECS::ClusterCapacityProviderAssociations.CapacityProviderStrategy" + }, + "markdownDescription": "The default capacity provider strategy to associate with the cluster.", + "title": "DefaultCapacityProviderStrategy", + "type": "array" + } + }, + "required": [ + "Cluster", + "DefaultCapacityProviderStrategy" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::ECS::ClusterCapacityProviderAssociations" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::ECS::ClusterCapacityProviderAssociations.CapacityProviderStrategy": { + "additionalProperties": false, + "properties": { + "Base": { + "markdownDescription": "The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider for each service. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of `0` is used.\n\nBase value characteristics:\n\n- Only one capacity provider in a strategy can have a base defined\n- The default value is `0` if not specified\n- The valid range is 0 to 100,000\n- Base requirements are satisfied first before weight distribution", + "title": "Base", + "type": "number" + }, + "CapacityProvider": { + "markdownDescription": "The short name of the capacity provider. This can be either an AWS managed capacity provider ( `FARGATE` or `FARGATE_SPOT` ) or the name of a custom capacity provider that you created.", + "title": "CapacityProvider", + "type": "string" + }, + "Weight": { + "markdownDescription": "The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` value, if defined, is satisfied.\n\nIf no `weight` value is specified, the default value of `0` is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of `0` can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of `0` , any `RunTask` or `CreateService` actions using the capacity provider strategy will fail.\n\nWeight value characteristics:\n\n- Weight is considered after the base value is satisfied\n- The default value is `0` if not specified\n- The valid range is 0 to 1,000\n- At least one capacity provider must have a weight greater than zero\n- Capacity providers with weight of `0` cannot place tasks\n\nTask distribution logic:\n\n- Base satisfaction: The minimum number of tasks specified by the base value are placed on that capacity provider\n- Weight distribution: After base requirements are met, additional tasks are distributed according to weight ratios\n\nExamples:\n\nEqual Distribution: Two capacity providers both with weight `1` will split tasks evenly after base requirements are met.\n\nWeighted Distribution: If capacityProviderA has weight `1` and capacityProviderB has weight `4` , then for every 1 task on A, 4 tasks will run on B.", + "title": "Weight", + "type": "number" + } + }, + "required": [ + "CapacityProvider" + ], + "type": "object" + }, + "AWS::ECS::Daemon": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "CapacityProviderArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ClusterArn": { + "type": "string" + }, + "DaemonName": { + "type": "string" + }, + "DaemonTaskDefinitionArn": { + "type": "string" + }, + "DeploymentConfiguration": { + "$ref": "#/definitions/AWS::ECS::Daemon.DaemonDeploymentConfiguration" + }, + "EnableECSManagedTags": { + "type": "boolean" + }, + "EnableExecuteCommand": { + "type": "boolean" + }, + "PropagateTags": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::ECS::Daemon" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::ECS::Daemon.DaemonAlarmConfiguration": { + "additionalProperties": false, + "properties": { + "AlarmNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Enable": { + "type": "boolean" + } + }, + "type": "object" + }, + "AWS::ECS::Daemon.DaemonDeploymentConfiguration": { + "additionalProperties": false, + "properties": { + "Alarms": { + "$ref": "#/definitions/AWS::ECS::Daemon.DaemonAlarmConfiguration" + }, + "BakeTimeInMinutes": { + "type": "number" + }, + "DrainPercent": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ContainerDefinitions": { "items": { - "type": "string" + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.DaemonContainerDefinition" }, - "markdownDescription": "The capacity providers to associate with the cluster.", - "title": "CapacityProviders", "type": "array" }, - "Cluster": { - "markdownDescription": "The cluster the capacity provider association is the target of.", - "title": "Cluster", + "Cpu": { "type": "string" }, - "DefaultCapacityProviderStrategy": { + "ExecutionRoleArn": { + "type": "string" + }, + "Family": { + "type": "string" + }, + "Memory": { + "type": "string" + }, + "Tags": { "items": { - "$ref": "#/definitions/AWS::ECS::ClusterCapacityProviderAssociations.CapacityProviderStrategy" + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TaskRoleArn": { + "type": "string" + }, + "Volumes": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Volume" }, - "markdownDescription": "The default capacity provider strategy to associate with the cluster.", - "title": "DefaultCapacityProviderStrategy", "type": "array" } }, - "required": [ - "Cluster", - "DefaultCapacityProviderStrategy" - ], "type": "object" }, "Type": { "enum": [ - "AWS::ECS::ClusterCapacityProviderAssociations" + "AWS::ECS::DaemonTaskDefinition" ], "type": "string" }, @@ -117710,35 +122691,431 @@ } }, "required": [ - "Type", - "Properties" + "Type" ], "type": "object" }, - "AWS::ECS::ClusterCapacityProviderAssociations.CapacityProviderStrategy": { + "AWS::ECS::DaemonTaskDefinition.ContainerDependency": { "additionalProperties": false, "properties": { - "Base": { - "markdownDescription": "The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider for each service. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of `0` is used.\n\nBase value characteristics:\n\n- Only one capacity provider in a strategy can have a base defined\n- The default value is `0` if not specified\n- The valid range is 0 to 100,000\n- Base requirements are satisfied first before weight distribution", - "title": "Base", + "Condition": { + "type": "string" + }, + "ContainerName": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.DaemonContainerDefinition": { + "additionalProperties": false, + "properties": { + "Command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Cpu": { "type": "number" }, - "CapacityProvider": { - "markdownDescription": "The short name of the capacity provider. This can be either an AWS managed capacity provider ( `FARGATE` or `FARGATE_SPOT` ) or the name of a custom capacity provider that you created.", - "title": "CapacityProvider", + "DependsOn": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.ContainerDependency" + }, + "type": "array" + }, + "EntryPoint": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Environment": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.KeyValuePair" + }, + "type": "array" + }, + "EnvironmentFiles": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.EnvironmentFile" + }, + "type": "array" + }, + "Essential": { + "type": "boolean" + }, + "FirelensConfiguration": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.FirelensConfiguration" + }, + "HealthCheck": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.HealthCheck" + }, + "Image": { "type": "string" }, - "Weight": { - "markdownDescription": "The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` value, if defined, is satisfied.\n\nIf no `weight` value is specified, the default value of `0` is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of `0` can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of `0` , any `RunTask` or `CreateService` actions using the capacity provider strategy will fail.\n\nWeight value characteristics:\n\n- Weight is considered after the base value is satisfied\n- The default value is `0` if not specified\n- The valid range is 0 to 1,000\n- At least one capacity provider must have a weight greater than zero\n- Capacity providers with weight of `0` cannot place tasks\n\nTask distribution logic:\n\n- Base satisfaction: The minimum number of tasks specified by the base value are placed on that capacity provider\n- Weight distribution: After base requirements are met, additional tasks are distributed according to weight ratios\n\nExamples:\n\nEqual Distribution: Two capacity providers both with weight `1` will split tasks evenly after base requirements are met.\n\nWeighted Distribution: If capacityProviderA has weight `1` and capacityProviderB has weight `4` , then for every 1 task on A, 4 tasks will run on B.", - "title": "Weight", + "Interactive": { + "type": "boolean" + }, + "LinuxParameters": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.LinuxParameters" + }, + "LogConfiguration": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.LogConfiguration" + }, + "Memory": { + "type": "number" + }, + "MemoryReservation": { + "type": "number" + }, + "MountPoints": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.MountPoint" + }, + "type": "array" + }, + "Name": { + "type": "string" + }, + "Privileged": { + "type": "boolean" + }, + "PseudoTerminal": { + "type": "boolean" + }, + "ReadonlyRootFilesystem": { + "type": "boolean" + }, + "RepositoryCredentials": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.RepositoryCredentials" + }, + "RestartPolicy": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.RestartPolicy" + }, + "Secrets": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Secret" + }, + "type": "array" + }, + "StartTimeout": { + "type": "number" + }, + "StopTimeout": { "type": "number" + }, + "SystemControls": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.SystemControl" + }, + "type": "array" + }, + "Ulimits": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Ulimit" + }, + "type": "array" + }, + "User": { + "type": "string" + }, + "WorkingDirectory": { + "type": "string" } }, "required": [ - "CapacityProvider" + "Image", + "Name" + ], + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.Device": { + "additionalProperties": false, + "properties": { + "ContainerPath": { + "type": "string" + }, + "HostPath": { + "type": "string" + }, + "Permissions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.EnvironmentFile": { + "additionalProperties": false, + "properties": { + "Type": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.FirelensConfiguration": { + "additionalProperties": false, + "properties": { + "Options": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "Type": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.HealthCheck": { + "additionalProperties": false, + "properties": { + "Command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Interval": { + "type": "number" + }, + "Retries": { + "type": "number" + }, + "StartPeriod": { + "type": "number" + }, + "Timeout": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.HostVolumeProperties": { + "additionalProperties": false, + "properties": { + "SourcePath": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.KernelCapabilities": { + "additionalProperties": false, + "properties": { + "Add": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.KeyValuePair": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.LinuxParameters": { + "additionalProperties": false, + "properties": { + "Capabilities": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.KernelCapabilities" + }, + "Devices": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Device" + }, + "type": "array" + }, + "InitProcessEnabled": { + "type": "boolean" + }, + "Tmpfs": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Tmpfs" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.LogConfiguration": { + "additionalProperties": false, + "properties": { + "LogDriver": { + "type": "string" + }, + "Options": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "SecretOptions": { + "items": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.Secret" + }, + "type": "array" + } + }, + "required": [ + "LogDriver" + ], + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.MountPoint": { + "additionalProperties": false, + "properties": { + "ContainerPath": { + "type": "string" + }, + "ReadOnly": { + "type": "boolean" + }, + "SourceVolume": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.RepositoryCredentials": { + "additionalProperties": false, + "properties": { + "CredentialsParameter": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.RestartPolicy": { + "additionalProperties": false, + "properties": { + "Enabled": { + "type": "boolean" + }, + "IgnoredExitCodes": { + "items": { + "type": "number" + }, + "type": "array" + }, + "RestartAttemptPeriod": { + "type": "number" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.Secret": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "ValueFrom": { + "type": "string" + } + }, + "required": [ + "Name", + "ValueFrom" + ], + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.SystemControl": { + "additionalProperties": false, + "properties": { + "Namespace": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.Tmpfs": { + "additionalProperties": false, + "properties": { + "ContainerPath": { + "type": "string" + }, + "MountOptions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Size": { + "type": "number" + } + }, + "required": [ + "Size" + ], + "type": "object" + }, + "AWS::ECS::DaemonTaskDefinition.Ulimit": { + "additionalProperties": false, + "properties": { + "HardLimit": { + "type": "number" + }, + "Name": { + "type": "string" + }, + "SoftLimit": { + "type": "number" + } + }, + "required": [ + "HardLimit", + "Name", + "SoftLimit" ], "type": "object" }, + "AWS::ECS::DaemonTaskDefinition.Volume": { + "additionalProperties": false, + "properties": { + "Host": { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition.HostVolumeProperties" + }, + "Name": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ECS::ExpressGatewayService": { "additionalProperties": false, "properties": { @@ -120314,6 +125691,27 @@ }, "type": "object" }, + "AWS::ECS::TaskDefinition.S3FilesVolumeConfiguration": { + "additionalProperties": false, + "properties": { + "AccessPointArn": { + "type": "string" + }, + "FileSystemArn": { + "type": "string" + }, + "RootDirectory": { + "type": "string" + }, + "TransitEncryptionPort": { + "type": "number" + } + }, + "required": [ + "FileSystemArn" + ], + "type": "object" + }, "AWS::ECS::TaskDefinition.Secret": { "additionalProperties": false, "properties": { @@ -120454,6 +125852,9 @@ "markdownDescription": "The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.\n\nWhen using a volume configured at launch, the `name` is required and must also be specified as the volume name in the `ServiceVolumeConfiguration` or `TaskVolumeConfiguration` parameter when creating your service or standalone task.\n\nFor all other types of volumes, this name is referenced in the `sourceVolume` parameter of the `mountPoints` object in the container definition.\n\nWhen a volume is using the `efsVolumeConfiguration` , the name is required.", "title": "Name", "type": "string" + }, + "S3FilesVolumeConfiguration": { + "$ref": "#/definitions/AWS::ECS::TaskDefinition.S3FilesVolumeConfiguration" } }, "type": "object" @@ -122181,9 +127582,6 @@ "type": "array" } }, - "required": [ - "RemoteNodeNetworks" - ], "type": "object" }, "AWS::EKS::Cluster.RemoteNodeNetwork": { @@ -122750,6 +128148,9 @@ "markdownDescription": "The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value. If you specify `launchTemplate` , and your launch template uses a custom AMI, then don't specify `version` , or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .\n\n> You can't update other properties at the same time as updating `Version` .", "title": "Version", "type": "string" + }, + "WarmPoolConfig": { + "$ref": "#/definitions/AWS::EKS::Nodegroup.WarmPoolConfig" } }, "required": [ @@ -122951,6 +128352,27 @@ }, "type": "object" }, + "AWS::EKS::Nodegroup.WarmPoolConfig": { + "additionalProperties": false, + "properties": { + "Enabled": { + "type": "boolean" + }, + "MaxGroupPreparedCapacity": { + "type": "number" + }, + "MinSize": { + "type": "number" + }, + "PoolState": { + "type": "string" + }, + "ReuseOnScaleIn": { + "type": "boolean" + } + }, + "type": "object" + }, "AWS::EKS::PodIdentityAssociation": { "additionalProperties": false, "properties": { @@ -127833,14 +133255,6 @@ "title": "CacheParameterGroupName", "type": "string" }, - "CacheSecurityGroupNames": { - "items": { - "type": "string" - }, - "markdownDescription": "A list of cache security group names to associate with this replication group.", - "title": "CacheSecurityGroupNames", - "type": "array" - }, "CacheSubnetGroupName": { "markdownDescription": "The name of the cache subnet group to be used for the replication group.\n\n> If you're going to launch your cluster in an Amazon VPC, you need to create a subnet group before you start creating a cluster. For more information, see [AWS::ElastiCache::SubnetGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-subnetgroup.html) .", "title": "CacheSubnetGroupName", @@ -128079,6 +133493,18 @@ }, "type": "object" }, + "AWS::ElastiCache::ReplicationGroup.Endpoint": { + "additionalProperties": false, + "properties": { + "Address": { + "type": "string" + }, + "Port": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ElastiCache::ReplicationGroup.KinesisFirehoseDestinationDetails": { "additionalProperties": false, "properties": { @@ -128159,6 +133585,30 @@ }, "type": "object" }, + "AWS::ElastiCache::ReplicationGroup.ReadEndPoint": { + "additionalProperties": false, + "properties": { + "Addresses": { + "type": "string" + }, + "AddressesList": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Ports": { + "type": "string" + }, + "PortsList": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::ElastiCache::SecurityGroup": { "additionalProperties": false, "properties": { @@ -132227,6 +137677,131 @@ }, "type": "object" }, + "AWS::ElementalInference::Feed": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Outputs": { + "items": { + "$ref": "#/definitions/AWS::ElementalInference::Feed.GetOutput" + }, + "type": "array" + }, + "Tags": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "Name", + "Outputs" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::ElementalInference::Feed" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::ElementalInference::Feed.ClippingConfig": { + "additionalProperties": false, + "properties": { + "CallbackMetadata": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ElementalInference::Feed.GetOutput": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "OutputConfig": { + "$ref": "#/definitions/AWS::ElementalInference::Feed.OutputConfig" + }, + "Status": { + "type": "string" + } + }, + "required": [ + "Name", + "OutputConfig", + "Status" + ], + "type": "object" + }, + "AWS::ElementalInference::Feed.OutputConfig": { + "additionalProperties": false, + "properties": { + "Clipping": { + "$ref": "#/definitions/AWS::ElementalInference::Feed.ClippingConfig" + }, + "Cropping": { + "type": "object" + } + }, + "type": "object" + }, "AWS::EntityResolution::IdMappingWorkflow": { "additionalProperties": false, "properties": { @@ -137804,6 +143379,21 @@ }, "type": "object" }, + "AWS::FSx::FileSystem.FsrmConfiguration": { + "additionalProperties": false, + "properties": { + "EventLogDestination": { + "type": "string" + }, + "FsrmServiceEnabled": { + "type": "boolean" + } + }, + "required": [ + "FsrmServiceEnabled" + ], + "type": "object" + }, "AWS::FSx::FileSystem.LustreConfiguration": { "additionalProperties": false, "properties": { @@ -138256,6 +143846,9 @@ "markdownDescription": "The SSD IOPS (input/output operations per second) configuration for an Amazon FSx for Windows file system. By default, Amazon FSx automatically provisions 3 IOPS per GiB of storage capacity. You can provision additional IOPS per GiB of storage, up to the maximum limit associated with your chosen throughput capacity.", "title": "DiskIopsConfiguration" }, + "FsrmConfiguration": { + "$ref": "#/definitions/AWS::FSx::FileSystem.FsrmConfiguration" + }, "PreferredSubnetId": { "markdownDescription": "Required when `DeploymentType` is set to `MULTI_AZ_1` . This specifies the subnet in which you want the preferred file server to be located. For in- AWS applications, we recommend that you launch your clients in the same availability zone as your preferred file server to reduce cross-availability zone data transfer costs and minimize latency.", "title": "PreferredSubnetId", @@ -141202,6 +146795,9 @@ "title": "PerInstanceContainerGroupDefinitionName", "type": "string" }, + "PlayerGatewayMode": { + "type": "string" + }, "ScalingPolicies": { "items": { "$ref": "#/definitions/AWS::GameLift::ContainerFleet.ScalingPolicy" @@ -141385,6 +146981,9 @@ "markdownDescription": "", "title": "LocationCapacity" }, + "PlayerGatewayStatus": { + "type": "string" + }, "StoppedActions": { "items": { "type": "string" @@ -142032,6 +147631,12 @@ "title": "PeerVpcId", "type": "string" }, + "PlayerGatewayConfiguration": { + "$ref": "#/definitions/AWS::GameLift::Fleet.PlayerGatewayConfiguration" + }, + "PlayerGatewayMode": { + "type": "string" + }, "ResourceCreationLimitPolicy": { "$ref": "#/definitions/AWS::GameLift::Fleet.ResourceCreationLimitPolicy", "markdownDescription": "A policy that limits the number of game sessions that an individual player can create on instances in this fleet within a specified span of time.", @@ -142189,6 +147794,9 @@ "$ref": "#/definitions/AWS::GameLift::Fleet.LocationCapacity", "markdownDescription": "Current resource capacity settings for managed EC2 fleets and managed container fleets. For multi-location fleets, location values might refer to a fleet's remote location or its home Region.\n\n*Returned by:* [DescribeFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetCapacity.html) , [DescribeFleetLocationCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetLocationCapacity.html) , [UpdateFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateFleetCapacity.html)", "title": "LocationCapacity" + }, + "PlayerGatewayStatus": { + "type": "string" } }, "required": [ @@ -142211,6 +147819,15 @@ ], "type": "object" }, + "AWS::GameLift::Fleet.PlayerGatewayConfiguration": { + "additionalProperties": false, + "properties": { + "GameServerIpProtocolSupported": { + "type": "string" + } + }, + "type": "object" + }, "AWS::GameLift::Fleet.ResourceCreationLimitPolicy": { "additionalProperties": false, "properties": { @@ -143607,40 +149224,170 @@ "Properties": { "additionalProperties": false, "properties": { - "AcceleratorArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of your accelerator.", - "title": "AcceleratorArn", + "AcceleratorArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of your accelerator.", + "title": "AcceleratorArn", + "type": "string" + }, + "ClientAffinity": { + "markdownDescription": "Client affinity lets you direct all requests from a user to the same endpoint, if you have stateful applications, regardless of the port and protocol of the client request. Client affinity gives you control over whether to always route each client to the same specific endpoint.\n\nAWS Global Accelerator uses a consistent-flow hashing algorithm to choose the optimal endpoint for a connection. If client affinity is `NONE` , Global Accelerator uses the \"five-tuple\" (5-tuple) properties\u2014source IP address, source port, destination IP address, destination port, and protocol\u2014to select the hash value, and then chooses the best endpoint. However, with this setting, if someone uses different ports to connect to Global Accelerator, their connections might not be always routed to the same endpoint because the hash value changes.\n\nIf you want a given client to always be routed to the same endpoint, set client affinity to `SOURCE_IP` instead. When you use the `SOURCE_IP` setting, Global Accelerator uses the \"two-tuple\" (2-tuple) properties\u2014 source (client) IP address and destination IP address\u2014to select the hash value.\n\nThe default value is `NONE` .", + "title": "ClientAffinity", + "type": "string" + }, + "PortRanges": { + "items": { + "$ref": "#/definitions/AWS::GlobalAccelerator::Listener.PortRange" + }, + "markdownDescription": "The list of port ranges for the connections from clients to the accelerator.", + "title": "PortRanges", + "type": "array" + }, + "Protocol": { + "markdownDescription": "The protocol for the connections from clients to the accelerator.", + "title": "Protocol", + "type": "string" + } + }, + "required": [ + "AcceleratorArn", + "PortRanges", + "Protocol" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::GlobalAccelerator::Listener" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::GlobalAccelerator::Listener.PortRange": { + "additionalProperties": false, + "properties": { + "FromPort": { + "markdownDescription": "The first port in the range of ports, inclusive.", + "title": "FromPort", + "type": "number" + }, + "ToPort": { + "markdownDescription": "The last port in the range of ports, inclusive.", + "title": "ToPort", + "type": "number" + } + }, + "required": [ + "FromPort", + "ToPort" + ], + "type": "object" + }, + "AWS::Glue::Catalog": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AllowFullTableExternalDataAccess": { "type": "string" }, - "ClientAffinity": { - "markdownDescription": "Client affinity lets you direct all requests from a user to the same endpoint, if you have stateful applications, regardless of the port and protocol of the client request. Client affinity gives you control over whether to always route each client to the same specific endpoint.\n\nAWS Global Accelerator uses a consistent-flow hashing algorithm to choose the optimal endpoint for a connection. If client affinity is `NONE` , Global Accelerator uses the \"five-tuple\" (5-tuple) properties\u2014source IP address, source port, destination IP address, destination port, and protocol\u2014to select the hash value, and then chooses the best endpoint. However, with this setting, if someone uses different ports to connect to Global Accelerator, their connections might not be always routed to the same endpoint because the hash value changes.\n\nIf you want a given client to always be routed to the same endpoint, set client affinity to `SOURCE_IP` instead. When you use the `SOURCE_IP` setting, Global Accelerator uses the \"two-tuple\" (2-tuple) properties\u2014 source (client) IP address and destination IP address\u2014to select the hash value.\n\nThe default value is `NONE` .", - "title": "ClientAffinity", - "type": "string" + "CatalogProperties": { + "$ref": "#/definitions/AWS::Glue::Catalog.CatalogProperties" }, - "PortRanges": { + "CreateDatabaseDefaultPermissions": { "items": { - "$ref": "#/definitions/AWS::GlobalAccelerator::Listener.PortRange" + "$ref": "#/definitions/AWS::Glue::Catalog.PrincipalPermissions" }, - "markdownDescription": "The list of port ranges for the connections from clients to the accelerator.", - "title": "PortRanges", "type": "array" }, - "Protocol": { - "markdownDescription": "The protocol for the connections from clients to the accelerator.", - "title": "Protocol", + "CreateTableDefaultPermissions": { + "items": { + "$ref": "#/definitions/AWS::Glue::Catalog.PrincipalPermissions" + }, + "type": "array" + }, + "Description": { + "type": "string" + }, + "FederatedCatalog": { + "$ref": "#/definitions/AWS::Glue::Catalog.FederatedCatalog" + }, + "Name": { + "type": "string" + }, + "OverwriteChildResourcePermissionsWithDefault": { "type": "string" + }, + "Parameters": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TargetRedshiftCatalog": { + "$ref": "#/definitions/AWS::Glue::Catalog.TargetRedshiftCatalog" } }, "required": [ - "AcceleratorArn", - "PortRanges", - "Protocol" + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::GlobalAccelerator::Listener" + "AWS::Glue::Catalog" ], "type": "string" }, @@ -143659,23 +149406,99 @@ ], "type": "object" }, - "AWS::GlobalAccelerator::Listener.PortRange": { + "AWS::Glue::Catalog.CatalogProperties": { "additionalProperties": false, "properties": { - "FromPort": { - "markdownDescription": "The first port in the range of ports, inclusive.", - "title": "FromPort", - "type": "number" + "CustomProperties": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" }, - "ToPort": { - "markdownDescription": "The last port in the range of ports, inclusive.", - "title": "ToPort", - "type": "number" + "DataLakeAccessProperties": { + "$ref": "#/definitions/AWS::Glue::Catalog.DataLakeAccessProperties" + } + }, + "type": "object" + }, + "AWS::Glue::Catalog.DataLakeAccessProperties": { + "additionalProperties": false, + "properties": { + "AllowFullTableExternalDataAccess": { + "type": "string" + }, + "CatalogType": { + "type": "string" + }, + "DataLakeAccess": { + "type": "boolean" + }, + "DataTransferRole": { + "type": "string" + }, + "KmsKey": { + "type": "string" + }, + "ManagedWorkgroupName": { + "type": "string" + }, + "ManagedWorkgroupStatus": { + "type": "string" + }, + "RedshiftDatabaseName": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Glue::Catalog.DataLakePrincipal": { + "additionalProperties": false, + "properties": { + "DataLakePrincipalIdentifier": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Glue::Catalog.FederatedCatalog": { + "additionalProperties": false, + "properties": { + "ConnectionName": { + "type": "string" + }, + "Identifier": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Glue::Catalog.PrincipalPermissions": { + "additionalProperties": false, + "properties": { + "Permissions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Principal": { + "$ref": "#/definitions/AWS::Glue::Catalog.DataLakePrincipal" + } + }, + "type": "object" + }, + "AWS::Glue::Catalog.TargetRedshiftCatalog": { + "additionalProperties": false, + "properties": { + "CatalogArn": { + "type": "string" } }, "required": [ - "FromPort", - "ToPort" + "CatalogArn" ], "type": "object" }, @@ -147105,6 +152928,9 @@ "title": "DatabaseName", "type": "string" }, + "Name": { + "type": "string" + }, "OpenTableFormatInput": { "$ref": "#/definitions/AWS::Glue::Table.OpenTableFormatInput", "markdownDescription": "Specifies an `OpenTableFormatInput` structure when creating an open format table.", @@ -147118,8 +152944,7 @@ }, "required": [ "CatalogId", - "DatabaseName", - "TableInput" + "DatabaseName" ], "type": "object" }, @@ -147171,6 +152996,9 @@ "AWS::Glue::Table.IcebergInput": { "additionalProperties": false, "properties": { + "IcebergTableInput": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergTableInput" + }, "MetadataOperation": { "$ref": "#/definitions/AWS::Glue::Table.MetadataOperation", "markdownDescription": "A required metadata operation. Can only be set to CREATE.", @@ -147184,6 +153012,169 @@ }, "type": "object" }, + "AWS::Glue::Table.IcebergPartitionField": { + "additionalProperties": false, + "properties": { + "FieldId": { + "type": "number" + }, + "Name": { + "type": "string" + }, + "SourceId": { + "type": "number" + }, + "Transform": { + "type": "string" + } + }, + "required": [ + "Name", + "SourceId", + "Transform" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergPartitionSpec": { + "additionalProperties": false, + "properties": { + "Fields": { + "items": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergPartitionField" + }, + "type": "array" + }, + "SpecId": { + "type": "number" + } + }, + "required": [ + "Fields" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergSchema": { + "additionalProperties": false, + "properties": { + "Fields": { + "items": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergStructField" + }, + "type": "array" + }, + "IdentifierFieldIds": { + "items": { + "type": "number" + }, + "type": "array" + }, + "SchemaId": { + "type": "number" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "Fields" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergSortField": { + "additionalProperties": false, + "properties": { + "Direction": { + "type": "string" + }, + "NullOrder": { + "type": "string" + }, + "SourceId": { + "type": "number" + }, + "Transform": { + "type": "string" + } + }, + "required": [ + "Direction", + "NullOrder", + "SourceId", + "Transform" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergSortOrder": { + "additionalProperties": false, + "properties": { + "Fields": { + "items": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergSortField" + }, + "type": "array" + }, + "OrderId": { + "type": "number" + } + }, + "required": [ + "Fields", + "OrderId" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergStructField": { + "additionalProperties": false, + "properties": { + "Doc": { + "type": "string" + }, + "Id": { + "type": "number" + }, + "Name": { + "type": "string" + }, + "Required": { + "type": "boolean" + }, + "Type": { + "type": "string" + } + }, + "required": [ + "Id", + "Name", + "Required", + "Type" + ], + "type": "object" + }, + "AWS::Glue::Table.IcebergTableInput": { + "additionalProperties": false, + "properties": { + "Location": { + "type": "string" + }, + "PartitionSpec": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergPartitionSpec" + }, + "Properties": { + "type": "object" + }, + "Schema": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergSchema" + }, + "WriteOrder": { + "$ref": "#/definitions/AWS::Glue::Table.IcebergSortOrder" + } + }, + "required": [ + "Location", + "Schema" + ], + "type": "object" + }, "AWS::Glue::Table.MetadataOperation": { "additionalProperties": false, "properties": {}, @@ -147467,6 +153458,9 @@ "markdownDescription": "A `TableIdentifier` structure that describes a target table for resource linking.", "title": "TargetTable" }, + "ViewDefinition": { + "$ref": "#/definitions/AWS::Glue::Table.ViewDefinition" + }, "ViewExpandedText": { "markdownDescription": "Included for Apache Hive compatibility. Not used in the normal course of AWS Glue operations.", "title": "ViewExpandedText", @@ -147480,6 +153474,51 @@ }, "type": "object" }, + "AWS::Glue::Table.ViewDefinition": { + "additionalProperties": false, + "properties": { + "Definer": { + "type": "string" + }, + "IsProtected": { + "type": "boolean" + }, + "Representations": { + "items": { + "$ref": "#/definitions/AWS::Glue::Table.ViewRepresentation" + }, + "type": "array" + }, + "SubObjects": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::Glue::Table.ViewRepresentation": { + "additionalProperties": false, + "properties": { + "Dialect": { + "type": "string" + }, + "DialectVersion": { + "type": "string" + }, + "ValidationConnection": { + "type": "string" + }, + "ViewExpandedText": { + "type": "string" + }, + "ViewOriginalText": { + "type": "string" + } + }, + "type": "object" + }, "AWS::Glue::TableOptimizer": { "additionalProperties": false, "properties": { @@ -161365,6 +167404,116 @@ ], "type": "object" }, + "AWS::Interconnect::Connection": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ActivationKey": { + "type": "string" + }, + "AttachPoint": { + "$ref": "#/definitions/AWS::Interconnect::Connection.AttachPoint" + }, + "Bandwidth": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "EnvironmentId": { + "type": "string" + }, + "RemoteOwnerAccount": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "AttachPoint" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Interconnect::Connection" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Interconnect::Connection.AttachPoint": { + "additionalProperties": false, + "properties": { + "Arn": { + "type": "string" + }, + "DirectConnectGateway": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::Interconnect::Connection.Provider": { + "additionalProperties": false, + "properties": { + "CloudServiceProvider": { + "type": "string" + }, + "LastMileProvider": { + "type": "string" + } + }, + "type": "object" + }, "AWS::InternetMonitor::Monitor": { "additionalProperties": false, "properties": { @@ -165426,240 +171575,232 @@ "Properties": { "additionalProperties": false, "properties": { - "Principal": { - "markdownDescription": "The principal, which can be a certificate ARN (as returned from the `CreateCertificate` operation) or an Amazon Cognito ID.", - "title": "Principal", - "type": "string" - }, - "ThingName": { - "markdownDescription": "The name of the AWS IoT thing.", - "title": "ThingName", - "type": "string" - }, - "ThingPrincipalType": { - "markdownDescription": "", - "title": "ThingPrincipalType", - "type": "string" - } - }, - "required": [ - "Principal", - "ThingName" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::IoT::ThingPrincipalAttachment" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type", - "Properties" - ], - "type": "object" - }, - "AWS::IoT::ThingType": { - "additionalProperties": false, - "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "DeprecateThingType": { - "markdownDescription": "Deprecates a thing type. You can not associate new things with deprecated thing type.\n\nRequires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.", - "title": "DeprecateThingType", - "type": "boolean" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "Metadata which can be used to manage the thing type.", - "title": "Tags", - "type": "array" - }, - "ThingTypeName": { - "markdownDescription": "The name of the thing type.", - "title": "ThingTypeName", - "type": "string" - }, - "ThingTypeProperties": { - "$ref": "#/definitions/AWS::IoT::ThingType.ThingTypeProperties", - "markdownDescription": "The thing type properties for the thing type to create. It contains information about the new thing type including a description, a list of searchable thing attribute names, and a list of propagating attributes. After a thing type is created, you can only update `Mqtt5Configuration` .", - "title": "ThingTypeProperties" - } - }, - "type": "object" - }, - "Type": { - "enum": [ - "AWS::IoT::ThingType" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type" - ], - "type": "object" - }, - "AWS::IoT::ThingType.Mqtt5Configuration": { - "additionalProperties": false, - "properties": { - "PropagatingAttributes": { - "items": { - "$ref": "#/definitions/AWS::IoT::ThingType.PropagatingAttribute" - }, - "markdownDescription": "An object that represents the connection attribute, the thing attribute, and the MQTT 5 user property key.", - "title": "PropagatingAttributes", - "type": "array" - } - }, - "type": "object" - }, - "AWS::IoT::ThingType.PropagatingAttribute": { - "additionalProperties": false, - "properties": { - "ConnectionAttribute": { - "markdownDescription": "The attribute associated with the connection details.", - "title": "ConnectionAttribute", - "type": "string" - }, - "ThingAttribute": { - "markdownDescription": "The thing attribute that is propagating for MQTT 5 message enrichment.", - "title": "ThingAttribute", - "type": "string" - }, - "UserPropertyKey": { - "markdownDescription": "The key of the MQTT 5 user property, which is a key-value pair.", - "title": "UserPropertyKey", - "type": "string" - } - }, - "required": [ - "UserPropertyKey" - ], - "type": "object" - }, - "AWS::IoT::ThingType.ThingTypeProperties": { - "additionalProperties": false, - "properties": { - "Mqtt5Configuration": { - "$ref": "#/definitions/AWS::IoT::ThingType.Mqtt5Configuration", - "markdownDescription": "The configuration to add user-defined properties to enrich MQTT 5 messages.", - "title": "Mqtt5Configuration" - }, - "SearchableAttributes": { - "items": { - "type": "string" - }, - "markdownDescription": "A list of searchable thing attribute names.", - "title": "SearchableAttributes", - "type": "array" - }, - "ThingTypeDescription": { - "markdownDescription": "The description of the thing type.", - "title": "ThingTypeDescription", - "type": "string" - } - }, - "type": "object" - }, - "AWS::IoT::TopicRule": { - "additionalProperties": false, - "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "RuleName": { - "markdownDescription": "The name of the rule.", - "title": "RuleName", + "Principal": { + "markdownDescription": "The principal, which can be a certificate ARN (as returned from the `CreateCertificate` operation) or an Amazon Cognito ID.", + "title": "Principal", + "type": "string" + }, + "ThingName": { + "markdownDescription": "The name of the AWS IoT thing.", + "title": "ThingName", + "type": "string" + }, + "ThingPrincipalType": { + "markdownDescription": "", + "title": "ThingPrincipalType", + "type": "string" + } + }, + "required": [ + "Principal", + "ThingName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::IoT::ThingPrincipalAttachment" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::IoT::ThingType": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", "type": "string" }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DeprecateThingType": { + "markdownDescription": "Deprecates a thing type. You can not associate new things with deprecated thing type.\n\nRequires permission to access the [DeprecateThingType](https://docs.aws.amazon.com//service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.", + "title": "DeprecateThingType", + "type": "boolean" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "Metadata which can be used to manage the topic rule.\n\n> For URI Request parameters use format: ...key1=value1&key2=value2...\n> \n> For the CLI command-line parameter use format: --tags \"key1=value1&key2=value2...\"\n> \n> For the cli-input-json file use format: \"tags\": \"key1=value1&key2=value2...\"", + "markdownDescription": "Metadata which can be used to manage the thing type.", "title": "Tags", "type": "array" }, + "ThingTypeName": { + "markdownDescription": "The name of the thing type.", + "title": "ThingTypeName", + "type": "string" + }, + "ThingTypeProperties": { + "$ref": "#/definitions/AWS::IoT::ThingType.ThingTypeProperties", + "markdownDescription": "The thing type properties for the thing type to create. It contains information about the new thing type including a description, a list of searchable thing attribute names, and a list of propagating attributes. After a thing type is created, you can only update `Mqtt5Configuration` .", + "title": "ThingTypeProperties" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::IoT::ThingType" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::IoT::ThingType.Mqtt5Configuration": { + "additionalProperties": false, + "properties": { + "PropagatingAttributes": { + "items": { + "$ref": "#/definitions/AWS::IoT::ThingType.PropagatingAttribute" + }, + "markdownDescription": "An object that represents the connection attribute, the thing attribute, and the MQTT 5 user property key.", + "title": "PropagatingAttributes", + "type": "array" + } + }, + "type": "object" + }, + "AWS::IoT::ThingType.PropagatingAttribute": { + "additionalProperties": false, + "properties": { + "ConnectionAttribute": { + "markdownDescription": "The attribute associated with the connection details.", + "title": "ConnectionAttribute", + "type": "string" + }, + "ThingAttribute": { + "markdownDescription": "The thing attribute that is propagating for MQTT 5 message enrichment.", + "title": "ThingAttribute", + "type": "string" + }, + "UserPropertyKey": { + "markdownDescription": "The key of the MQTT 5 user property, which is a key-value pair.", + "title": "UserPropertyKey", + "type": "string" + } + }, + "required": [ + "UserPropertyKey" + ], + "type": "object" + }, + "AWS::IoT::ThingType.ThingTypeProperties": { + "additionalProperties": false, + "properties": { + "Mqtt5Configuration": { + "$ref": "#/definitions/AWS::IoT::ThingType.Mqtt5Configuration", + "markdownDescription": "The configuration to add user-defined properties to enrich MQTT 5 messages.", + "title": "Mqtt5Configuration" + }, + "SearchableAttributes": { + "items": { + "type": "string" + }, + "markdownDescription": "A list of searchable thing attribute names.", + "title": "SearchableAttributes", + "type": "array" + }, + "ThingTypeDescription": { + "markdownDescription": "The description of the thing type.", + "title": "ThingTypeDescription", + "type": "string" + } + }, + "type": "object" + }, + "AWS::IoT::TopicRule": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "RuleName": { + "markdownDescription": "The name of the rule.", + "title": "RuleName", + "type": "string" + }, "TopicRulePayload": { "$ref": "#/definitions/AWS::IoT::TopicRule.TopicRulePayload", "markdownDescription": "The rule payload.", @@ -165700,11 +171841,6 @@ "markdownDescription": "Change the state of a CloudWatch alarm.", "title": "CloudwatchAlarm" }, - "CloudwatchLogs": { - "$ref": "#/definitions/AWS::IoT::TopicRule.CloudwatchLogsAction", - "markdownDescription": "Sends data to CloudWatch.", - "title": "CloudwatchLogs" - }, "CloudwatchMetric": { "$ref": "#/definitions/AWS::IoT::TopicRule.CloudwatchMetricAction", "markdownDescription": "Capture a CloudWatch metric.", @@ -165750,11 +171886,6 @@ "markdownDescription": "Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.", "title": "IotSiteWise" }, - "Kafka": { - "$ref": "#/definitions/AWS::IoT::TopicRule.KafkaAction", - "markdownDescription": "Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.", - "title": "Kafka" - }, "Kinesis": { "$ref": "#/definitions/AWS::IoT::TopicRule.KinesisAction", "markdownDescription": "Write data to an Amazon Kinesis stream.", @@ -165765,16 +171896,6 @@ "markdownDescription": "Invoke a Lambda function.", "title": "Lambda" }, - "Location": { - "$ref": "#/definitions/AWS::IoT::TopicRule.LocationAction", - "markdownDescription": "Sends device location data to [Amazon Location Service](https://docs.aws.amazon.com//location/latest/developerguide/welcome.html) .", - "title": "Location" - }, - "OpenSearch": { - "$ref": "#/definitions/AWS::IoT::TopicRule.OpenSearchAction", - "markdownDescription": "Write data to an Amazon OpenSearch Service domain.", - "title": "OpenSearch" - }, "Republish": { "$ref": "#/definitions/AWS::IoT::TopicRule.RepublishAction", "markdownDescription": "Publish to another MQTT topic.", @@ -165799,11 +171920,6 @@ "$ref": "#/definitions/AWS::IoT::TopicRule.StepFunctionsAction", "markdownDescription": "Starts execution of a Step Functions state machine.", "title": "StepFunctions" - }, - "Timestream": { - "$ref": "#/definitions/AWS::IoT::TopicRule.TimestreamAction", - "markdownDescription": "Writes attributes from an MQTT message.", - "title": "Timestream" } }, "type": "object" @@ -165878,27 +171994,6 @@ }, "type": "object" }, - "AWS::IoT::TopicRule.BatchConfig": { - "additionalProperties": false, - "properties": { - "MaxBatchOpenMs": { - "markdownDescription": "", - "title": "MaxBatchOpenMs", - "type": "number" - }, - "MaxBatchSize": { - "markdownDescription": "", - "title": "MaxBatchSize", - "type": "number" - }, - "MaxBatchSizeBytes": { - "markdownDescription": "", - "title": "MaxBatchSizeBytes", - "type": "number" - } - }, - "type": "object" - }, "AWS::IoT::TopicRule.CloudwatchAlarmAction": { "additionalProperties": false, "properties": { @@ -165931,31 +172026,6 @@ ], "type": "object" }, - "AWS::IoT::TopicRule.CloudwatchLogsAction": { - "additionalProperties": false, - "properties": { - "BatchMode": { - "markdownDescription": "Indicates whether batches of log records will be extracted and uploaded into CloudWatch.", - "title": "BatchMode", - "type": "boolean" - }, - "LogGroupName": { - "markdownDescription": "The CloudWatch log name.", - "title": "LogGroupName", - "type": "string" - }, - "RoleArn": { - "markdownDescription": "The IAM role that allows access to the CloudWatch log.", - "title": "RoleArn", - "type": "string" - } - }, - "required": [ - "LogGroupName", - "RoleArn" - ], - "type": "object" - }, "AWS::IoT::TopicRule.CloudwatchMetricAction": { "additionalProperties": false, "properties": { @@ -166113,11 +172183,6 @@ "AWS::IoT::TopicRule.FirehoseAction": { "additionalProperties": false, "properties": { - "BatchMode": { - "markdownDescription": "Whether to deliver the Kinesis Data Firehose stream as a batch by using [`PutRecordBatch`](https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html) . The default value is `false` .\n\nWhen `batchMode` is `true` and the rule's SQL statement evaluates to an Array, each Array element forms one record in the [`PutRecordBatch`](https://docs.aws.amazon.com/firehose/latest/APIReference/API_PutRecordBatch.html) request. The resulting array can't have more than 500 records.", - "title": "BatchMode", - "type": "boolean" - }, "DeliveryStreamName": { "markdownDescription": "The delivery stream name.", "title": "DeliveryStreamName", @@ -166148,21 +172213,11 @@ "markdownDescription": "The authentication method to use when sending data to an HTTPS endpoint.", "title": "Auth" }, - "BatchConfig": { - "$ref": "#/definitions/AWS::IoT::TopicRule.BatchConfig", - "markdownDescription": "", - "title": "BatchConfig" - }, "ConfirmationUrl": { "markdownDescription": "The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.", "title": "ConfirmationUrl", "type": "string" }, - "EnableBatching": { - "markdownDescription": "", - "title": "EnableBatching", - "type": "boolean" - }, "Headers": { "items": { "$ref": "#/definitions/AWS::IoT::TopicRule.HttpActionHeader" @@ -166216,11 +172271,6 @@ "AWS::IoT::TopicRule.IotAnalyticsAction": { "additionalProperties": false, "properties": { - "BatchMode": { - "markdownDescription": "Whether to process the action as a batch. The default value is `false` .\n\nWhen `batchMode` is `true` and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by [`BatchPutMessage`](https://docs.aws.amazon.com/iotanalytics/latest/APIReference/API_BatchPutMessage.html) The resulting array can't have more than 100 messages.", - "title": "BatchMode", - "type": "boolean" - }, "ChannelName": { "markdownDescription": "The name of the IoT Analytics channel to which message data will be sent.", "title": "ChannelName", @@ -166241,11 +172291,6 @@ "AWS::IoT::TopicRule.IotEventsAction": { "additionalProperties": false, "properties": { - "BatchMode": { - "markdownDescription": "Whether to process the event actions as a batch. The default value is `false` .\n\nWhen `batchMode` is `true` , you can't specify a `messageId` .\n\nWhen `batchMode` is `true` and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when Events by calling [`BatchPutMessage`](https://docs.aws.amazon.com/iotevents/latest/apireference/API_iotevents-data_BatchPutMessage.html) . The resulting array can't have more than 10 messages.", - "title": "BatchMode", - "type": "boolean" - }, "InputName": { "markdownDescription": "The name of the AWS IoT Events input.", "title": "InputName", @@ -166291,76 +172336,6 @@ ], "type": "object" }, - "AWS::IoT::TopicRule.KafkaAction": { - "additionalProperties": false, - "properties": { - "ClientProperties": { - "additionalProperties": true, - "markdownDescription": "Properties of the Apache Kafka producer client.", - "patternProperties": { - "^[a-zA-Z0-9]+$": { - "type": "string" - } - }, - "title": "ClientProperties", - "type": "object" - }, - "DestinationArn": { - "markdownDescription": "The ARN of Kafka action's VPC `TopicRuleDestination` .", - "title": "DestinationArn", - "type": "string" - }, - "Headers": { - "items": { - "$ref": "#/definitions/AWS::IoT::TopicRule.KafkaActionHeader" - }, - "markdownDescription": "The list of Kafka headers that you specify.", - "title": "Headers", - "type": "array" - }, - "Key": { - "markdownDescription": "The Kafka message key.", - "title": "Key", - "type": "string" - }, - "Partition": { - "markdownDescription": "The Kafka message partition.", - "title": "Partition", - "type": "string" - }, - "Topic": { - "markdownDescription": "The Kafka topic for messages to be sent to the Kafka broker.", - "title": "Topic", - "type": "string" - } - }, - "required": [ - "ClientProperties", - "DestinationArn", - "Topic" - ], - "type": "object" - }, - "AWS::IoT::TopicRule.KafkaActionHeader": { - "additionalProperties": false, - "properties": { - "Key": { - "markdownDescription": "The key of the Kafka header.", - "title": "Key", - "type": "string" - }, - "Value": { - "markdownDescription": "The value of the Kafka header.", - "title": "Value", - "type": "string" - } - }, - "required": [ - "Key", - "Value" - ], - "type": "object" - }, "AWS::IoT::TopicRule.KinesisAction": { "additionalProperties": false, "properties": { @@ -166397,87 +172372,6 @@ }, "type": "object" }, - "AWS::IoT::TopicRule.LocationAction": { - "additionalProperties": false, - "properties": { - "DeviceId": { - "markdownDescription": "The unique ID of the device providing the location data.", - "title": "DeviceId", - "type": "string" - }, - "Latitude": { - "markdownDescription": "A string that evaluates to a double value that represents the latitude of the device's location.", - "title": "Latitude", - "type": "string" - }, - "Longitude": { - "markdownDescription": "A string that evaluates to a double value that represents the longitude of the device's location.", - "title": "Longitude", - "type": "string" - }, - "RoleArn": { - "markdownDescription": "The IAM role that grants permission to write to the Amazon Location resource.", - "title": "RoleArn", - "type": "string" - }, - "Timestamp": { - "$ref": "#/definitions/AWS::IoT::TopicRule.Timestamp", - "markdownDescription": "The time that the location data was sampled. The default value is the time the MQTT message was processed.", - "title": "Timestamp" - }, - "TrackerName": { - "markdownDescription": "The name of the tracker resource in Amazon Location in which the location is updated.", - "title": "TrackerName", - "type": "string" - } - }, - "required": [ - "DeviceId", - "Latitude", - "Longitude", - "RoleArn", - "TrackerName" - ], - "type": "object" - }, - "AWS::IoT::TopicRule.OpenSearchAction": { - "additionalProperties": false, - "properties": { - "Endpoint": { - "markdownDescription": "The endpoint of your OpenSearch domain.", - "title": "Endpoint", - "type": "string" - }, - "Id": { - "markdownDescription": "The unique identifier for the document you are storing.", - "title": "Id", - "type": "string" - }, - "Index": { - "markdownDescription": "The OpenSearch index where you want to store your data.", - "title": "Index", - "type": "string" - }, - "RoleArn": { - "markdownDescription": "The IAM role ARN that has access to OpenSearch.", - "title": "RoleArn", - "type": "string" - }, - "Type": { - "markdownDescription": "The type of document you are storing.", - "title": "Type", - "type": "string" - } - }, - "required": [ - "Endpoint", - "Id", - "Index", - "RoleArn", - "Type" - ], - "type": "object" - }, "AWS::IoT::TopicRule.PutAssetPropertyValueEntry": { "additionalProperties": false, "properties": { @@ -166532,11 +172426,6 @@ "AWS::IoT::TopicRule.RepublishAction": { "additionalProperties": false, "properties": { - "Headers": { - "$ref": "#/definitions/AWS::IoT::TopicRule.RepublishActionHeaders", - "markdownDescription": "MQTT Version 5.0 headers information. For more information, see [MQTT](https://docs.aws.amazon.com//iot/latest/developerguide/mqtt.html) in the IoT Core Developer Guide.", - "title": "Headers" - }, "Qos": { "markdownDescription": "The Quality of Service (QoS) level to use when republishing messages. The default value is 0.", "title": "Qos", @@ -166559,45 +172448,6 @@ ], "type": "object" }, - "AWS::IoT::TopicRule.RepublishActionHeaders": { - "additionalProperties": false, - "properties": { - "ContentType": { - "markdownDescription": "A UTF-8 encoded string that describes the content of the publishing message.\n\nFor more information, see [Content Type](https://docs.aws.amazon.com/https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901118) in the MQTT Version 5.0 specification.\n\nSupports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html) .", - "title": "ContentType", - "type": "string" - }, - "CorrelationData": { - "markdownDescription": "The base64-encoded binary data used by the sender of the request message to identify which request the response message is for.\n\nFor more information, see [Correlation Data](https://docs.aws.amazon.com/https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901115) in the MQTT Version 5.0 specification.\n\nSupports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html) .\n\n> This binary data must be base64-encoded.", - "title": "CorrelationData", - "type": "string" - }, - "MessageExpiry": { - "markdownDescription": "A user-defined integer value that represents the message expiry interval at the broker. If the messages haven't been sent to the subscribers within that interval, the message expires and is removed. The value of `messageExpiry` represents the number of seconds before it expires. For more information about the limits of `messageExpiry` , see [Message broker and protocol limits and quotas](https://docs.aws.amazon.com//general/latest/gr/iot-core.html#limits_iot) in the IoT Core Reference Guide.\n\nSupports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html) .", - "title": "MessageExpiry", - "type": "string" - }, - "PayloadFormatIndicator": { - "markdownDescription": "An `Enum` string value that indicates whether the payload is formatted as UTF-8.\n\nValid values are `UNSPECIFIED_BYTES` and `UTF8_DATA` .\n\nFor more information, see [Payload Format Indicator](https://docs.aws.amazon.com/https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901111) from the MQTT Version 5.0 specification.\n\nSupports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html) .", - "title": "PayloadFormatIndicator", - "type": "string" - }, - "ResponseTopic": { - "markdownDescription": "A UTF-8 encoded string that's used as the topic name for a response message. The response topic is used to describe the topic to which the receiver should publish as part of the request-response flow. The topic must not contain wildcard characters.\n\nFor more information, see [Response Topic](https://docs.aws.amazon.com/https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901114) in the MQTT Version 5.0 specification.\n\nSupports [substitution templates](https://docs.aws.amazon.com//iot/latest/developerguide/iot-substitution-templates.html) .", - "title": "ResponseTopic", - "type": "string" - }, - "UserProperties": { - "items": { - "$ref": "#/definitions/AWS::IoT::TopicRule.UserProperty" - }, - "markdownDescription": "An array of key-value pairs that you define in the MQTT5 header.", - "title": "UserProperties", - "type": "array" - } - }, - "type": "object" - }, "AWS::IoT::TopicRule.S3Action": { "additionalProperties": false, "properties": { @@ -166606,11 +172456,6 @@ "title": "BucketName", "type": "string" }, - "CannedAcl": { - "markdownDescription": "The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see [S3 canned ACLs](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) .", - "title": "CannedAcl", - "type": "string" - }, "Key": { "markdownDescription": "The object key. For more information, see [Actions, resources, and condition keys for Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) .", "title": "Key", @@ -166730,105 +172575,6 @@ ], "type": "object" }, - "AWS::IoT::TopicRule.Timestamp": { - "additionalProperties": false, - "properties": { - "Unit": { - "markdownDescription": "The precision of the timestamp value that results from the expression described in `value` .", - "title": "Unit", - "type": "string" - }, - "Value": { - "markdownDescription": "An expression that returns a long epoch time value.", - "title": "Value", - "type": "string" - } - }, - "required": [ - "Value" - ], - "type": "object" - }, - "AWS::IoT::TopicRule.TimestreamAction": { - "additionalProperties": false, - "properties": { - "DatabaseName": { - "markdownDescription": "The name of an Amazon Timestream database that has the table to write records into.", - "title": "DatabaseName", - "type": "string" - }, - "Dimensions": { - "items": { - "$ref": "#/definitions/AWS::IoT::TopicRule.TimestreamDimension" - }, - "markdownDescription": "Metadata attributes of the time series that are written in each measure record.", - "title": "Dimensions", - "type": "array" - }, - "RoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the role that grants AWS IoT permission to write to the Timestream database table.", - "title": "RoleArn", - "type": "string" - }, - "TableName": { - "markdownDescription": "The table where the message data will be written.", - "title": "TableName", - "type": "string" - }, - "Timestamp": { - "$ref": "#/definitions/AWS::IoT::TopicRule.TimestreamTimestamp", - "markdownDescription": "The value to use for the entry's timestamp. If blank, the time that the entry was processed is used.", - "title": "Timestamp" - } - }, - "required": [ - "DatabaseName", - "Dimensions", - "RoleArn", - "TableName" - ], - "type": "object" - }, - "AWS::IoT::TopicRule.TimestreamDimension": { - "additionalProperties": false, - "properties": { - "Name": { - "markdownDescription": "The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.", - "title": "Name", - "type": "string" - }, - "Value": { - "markdownDescription": "The value to write in this column of the database record.", - "title": "Value", - "type": "string" - } - }, - "required": [ - "Name", - "Value" - ], - "type": "object" - }, - "AWS::IoT::TopicRule.TimestreamTimestamp": { - "additionalProperties": false, - "properties": { - "Unit": { - "markdownDescription": "The precision of the timestamp value that results from the expression described in `value` .", - "title": "Unit", - "type": "string" - }, - "Value": { - "markdownDescription": "An expression that returns a long epoch time value.", - "title": "Value", - "type": "string" - } - }, - "required": [ - "Unit", - "Value" - ], - "type": "object" - }, "AWS::IoT::TopicRule.TopicRulePayload": { "additionalProperties": false, "properties": { @@ -166868,30 +172614,11 @@ }, "required": [ "Actions", + "RuleDisabled", "Sql" ], "type": "object" }, - "AWS::IoT::TopicRule.UserProperty": { - "additionalProperties": false, - "properties": { - "Key": { - "markdownDescription": "A key to be specified in `UserProperty` .", - "title": "Key", - "type": "string" - }, - "Value": { - "markdownDescription": "A value to be specified in `UserProperty` .", - "title": "Value", - "type": "string" - } - }, - "required": [ - "Key", - "Value" - ], - "type": "object" - }, "AWS::IoT::TopicRuleDestination": { "additionalProperties": false, "properties": { @@ -185618,6 +191345,9 @@ "title": "S3Key", "type": "string" }, + "S3ObjectStorageMode": { + "type": "string" + }, "S3ObjectVersion": { "markdownDescription": "For versioned objects, the version of the deployment package object to use.", "title": "S3ObjectVersion", @@ -194086,102 +199816,105 @@ "Properties": { "additionalProperties": false, "properties": { - "AccountId": { - "markdownDescription": "The ID of the account to create the anomaly detector in.", - "title": "AccountId", - "type": "string" - }, - "AnomalyVisibilityTime": { - "markdownDescription": "The number of days to have visibility on an anomaly. After this time period has elapsed for an anomaly, it will be automatically baselined and the anomaly detector will treat new occurrences of a similar anomaly as normal. Therefore, if you do not correct the cause of an anomaly during the time period specified in `AnomalyVisibilityTime` , it will be considered normal going forward and will not be detected as an anomaly.", - "title": "AnomalyVisibilityTime", - "type": "number" - }, - "DetectorName": { - "markdownDescription": "A name for this anomaly detector.", - "title": "DetectorName", - "type": "string" - }, - "EvaluationFrequency": { - "markdownDescription": "Specifies how often the anomaly detector is to run and look for anomalies. Set this value according to the frequency that the log group receives new logs. For example, if the log group receives new log events every 10 minutes, then 15 minutes might be a good setting for `EvaluationFrequency` .", - "title": "EvaluationFrequency", - "type": "string" - }, - "FilterPattern": { - "markdownDescription": "You can use this parameter to limit the anomaly detection model to examine only log events that match the pattern you specify here. For more information, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html) .", - "title": "FilterPattern", - "type": "string" - }, - "KmsKeyId": { - "markdownDescription": "Optionally assigns a AWS key to secure this anomaly detector and its findings. If a key is assigned, the anomalies found and the model used by this detector are encrypted at rest with the key. If a key is assigned to an anomaly detector, a user must have permissions for both this key and for the anomaly detector to retrieve information about the anomalies that it finds.\n\nFor more information about using a AWS key and to see the required IAM policy, see [Use a AWS key with an anomaly detector](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/LogsAnomalyDetection-KMS.html) .", - "title": "KmsKeyId", - "type": "string" - }, - "LogGroupArnList": { - "items": { - "type": "string" - }, - "markdownDescription": "The ARN of the log group that is associated with this anomaly detector. You can specify only one log group ARN.", - "title": "LogGroupArnList", - "type": "array" - } - }, - "type": "object" - }, - "Type": { - "enum": [ - "AWS::Logs::LogAnomalyDetector" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type" - ], - "type": "object" - }, - "AWS::Logs::LogGroup": { - "additionalProperties": false, - "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" + "AccountId": { + "markdownDescription": "The ID of the account to create the anomaly detector in.", + "title": "AccountId", + "type": "string" + }, + "AnomalyVisibilityTime": { + "markdownDescription": "The number of days to have visibility on an anomaly. After this time period has elapsed for an anomaly, it will be automatically baselined and the anomaly detector will treat new occurrences of a similar anomaly as normal. Therefore, if you do not correct the cause of an anomaly during the time period specified in `AnomalyVisibilityTime` , it will be considered normal going forward and will not be detected as an anomaly.", + "title": "AnomalyVisibilityTime", + "type": "number" + }, + "DetectorName": { + "markdownDescription": "A name for this anomaly detector.", + "title": "DetectorName", + "type": "string" + }, + "EvaluationFrequency": { + "markdownDescription": "Specifies how often the anomaly detector is to run and look for anomalies. Set this value according to the frequency that the log group receives new logs. For example, if the log group receives new log events every 10 minutes, then 15 minutes might be a good setting for `EvaluationFrequency` .", + "title": "EvaluationFrequency", + "type": "string" + }, + "FilterPattern": { + "markdownDescription": "You can use this parameter to limit the anomaly detection model to examine only log events that match the pattern you specify here. For more information, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html) .", + "title": "FilterPattern", + "type": "string" + }, + "KmsKeyId": { + "markdownDescription": "Optionally assigns a AWS key to secure this anomaly detector and its findings. If a key is assigned, the anomalies found and the model used by this detector are encrypted at rest with the key. If a key is assigned to an anomaly detector, a user must have permissions for both this key and for the anomaly detector to retrieve information about the anomalies that it finds.\n\nFor more information about using a AWS key and to see the required IAM policy, see [Use a AWS key with an anomaly detector](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/LogsAnomalyDetection-KMS.html) .", + "title": "KmsKeyId", + "type": "string" + }, + "LogGroupArnList": { + "items": { + "type": "string" + }, + "markdownDescription": "The ARN of the log group that is associated with this anomaly detector. You can specify only one log group ARN.", + "title": "LogGroupArnList", + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Logs::LogAnomalyDetector" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::Logs::LogGroup": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "BearerTokenAuthenticationEnabled": { + "type": "boolean" }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { "DataProtectionPolicy": { "markdownDescription": "Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks.", "title": "DataProtectionPolicy", @@ -194545,6 +200278,12 @@ "title": "Name", "type": "string" }, + "Parameters": { + "items": { + "$ref": "#/definitions/AWS::Logs::QueryDefinition.QueryParameter" + }, + "type": "array" + }, "QueryLanguage": { "markdownDescription": "The query language used for this query. For more information about the query languages that CloudWatch Logs supports, see [Supported query languages](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData_Languages.html) .", "title": "QueryLanguage", @@ -194583,6 +200322,24 @@ ], "type": "object" }, + "AWS::Logs::QueryDefinition.QueryParameter": { + "additionalProperties": false, + "properties": { + "DefaultValue": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, "AWS::Logs::ResourcePolicy": { "additionalProperties": false, "properties": { @@ -194621,7 +200378,7 @@ "PolicyDocument": { "markdownDescription": "The details of the policy. It must be formatted in JSON, and you must use backslashes to escape characters that need to be escaped in JSON strings, such as double quote marks.", "title": "PolicyDocument", - "type": "string" + "type": "object" }, "PolicyName": { "markdownDescription": "The name of the resource policy.", @@ -197727,6 +203484,9 @@ "title": "KafkaClusters", "type": "array" }, + "LogDelivery": { + "$ref": "#/definitions/AWS::MSK::Replicator.LogDelivery" + }, "ReplicationInfoList": { "items": { "$ref": "#/definitions/AWS::MSK::Replicator.ReplicationInfo" @@ -197797,9 +203557,43 @@ ], "type": "object" }, + "AWS::MSK::Replicator.ApacheKafkaCluster": { + "additionalProperties": false, + "properties": { + "ApacheKafkaClusterId": { + "type": "string" + }, + "BootstrapBrokerString": { + "type": "string" + } + }, + "required": [ + "ApacheKafkaClusterId", + "BootstrapBrokerString" + ], + "type": "object" + }, + "AWS::MSK::Replicator.CloudWatchLogs": { + "additionalProperties": false, + "properties": { + "Enabled": { + "type": "boolean" + }, + "LogGroup": { + "type": "string" + } + }, + "required": [ + "Enabled" + ], + "type": "object" + }, "AWS::MSK::Replicator.ConsumerGroupReplication": { "additionalProperties": false, "properties": { + "ConsumerGroupOffsetSyncMode": { + "type": "string" + }, "ConsumerGroupsToExclude": { "items": { "type": "string" @@ -197832,6 +203626,21 @@ ], "type": "object" }, + "AWS::MSK::Replicator.Firehose": { + "additionalProperties": false, + "properties": { + "DeliveryStream": { + "type": "string" + }, + "Enabled": { + "type": "boolean" + } + }, + "required": [ + "Enabled" + ], + "type": "object" + }, "AWS::MSK::Replicator.KafkaCluster": { "additionalProperties": false, "properties": { @@ -197840,15 +203649,32 @@ "markdownDescription": "Details of an Amazon MSK Cluster.", "title": "AmazonMskCluster" }, + "ApacheKafkaCluster": { + "$ref": "#/definitions/AWS::MSK::Replicator.ApacheKafkaCluster" + }, + "ClientAuthentication": { + "$ref": "#/definitions/AWS::MSK::Replicator.KafkaClusterClientAuthentication" + }, + "EncryptionInTransit": { + "$ref": "#/definitions/AWS::MSK::Replicator.KafkaClusterEncryptionInTransit" + }, "VpcConfig": { "$ref": "#/definitions/AWS::MSK::Replicator.KafkaClusterClientVpcConfig", "markdownDescription": "Details of an Amazon VPC which has network connectivity to the Apache Kafka cluster.", "title": "VpcConfig" } }, + "type": "object" + }, + "AWS::MSK::Replicator.KafkaClusterClientAuthentication": { + "additionalProperties": false, + "properties": { + "SaslScram": { + "$ref": "#/definitions/AWS::MSK::Replicator.KafkaClusterSaslScramAuthentication" + } + }, "required": [ - "AmazonMskCluster", - "VpcConfig" + "SaslScram" ], "type": "object" }, @@ -197877,6 +203703,46 @@ ], "type": "object" }, + "AWS::MSK::Replicator.KafkaClusterEncryptionInTransit": { + "additionalProperties": false, + "properties": { + "EncryptionType": { + "type": "string" + }, + "RootCaCertificate": { + "type": "string" + } + }, + "required": [ + "EncryptionType" + ], + "type": "object" + }, + "AWS::MSK::Replicator.KafkaClusterSaslScramAuthentication": { + "additionalProperties": false, + "properties": { + "Mechanism": { + "type": "string" + }, + "SecretArn": { + "type": "string" + } + }, + "required": [ + "Mechanism", + "SecretArn" + ], + "type": "object" + }, + "AWS::MSK::Replicator.LogDelivery": { + "additionalProperties": false, + "properties": { + "ReplicatorLogDelivery": { + "$ref": "#/definitions/AWS::MSK::Replicator.ReplicatorLogDelivery" + } + }, + "type": "object" + }, "AWS::MSK::Replicator.ReplicationInfo": { "additionalProperties": false, "properties": { @@ -197890,6 +203756,9 @@ "title": "SourceKafkaClusterArn", "type": "string" }, + "SourceKafkaClusterId": { + "type": "string" + }, "TargetCompressionType": { "markdownDescription": "The compression type to use when producing records to target cluster.", "title": "TargetCompressionType", @@ -197900,6 +203769,9 @@ "title": "TargetKafkaClusterArn", "type": "string" }, + "TargetKafkaClusterId": { + "type": "string" + }, "TopicReplication": { "$ref": "#/definitions/AWS::MSK::Replicator.TopicReplication", "markdownDescription": "Configuration relating to topic replication.", @@ -197908,9 +203780,7 @@ }, "required": [ "ConsumerGroupReplication", - "SourceKafkaClusterArn", "TargetCompressionType", - "TargetKafkaClusterArn", "TopicReplication" ], "type": "object" @@ -197937,6 +203807,39 @@ }, "type": "object" }, + "AWS::MSK::Replicator.ReplicatorLogDelivery": { + "additionalProperties": false, + "properties": { + "CloudWatchLogs": { + "$ref": "#/definitions/AWS::MSK::Replicator.CloudWatchLogs" + }, + "Firehose": { + "$ref": "#/definitions/AWS::MSK::Replicator.Firehose" + }, + "S3": { + "$ref": "#/definitions/AWS::MSK::Replicator.S3" + } + }, + "type": "object" + }, + "AWS::MSK::Replicator.S3": { + "additionalProperties": false, + "properties": { + "Bucket": { + "type": "string" + }, + "Enabled": { + "type": "boolean" + }, + "Prefix": { + "type": "string" + } + }, + "required": [ + "Enabled" + ], + "type": "object" + }, "AWS::MSK::Replicator.TopicReplication": { "additionalProperties": false, "properties": { @@ -200289,6 +206192,9 @@ "title": "AvailabilityZone", "type": "string" }, + "EncodingConfig": { + "$ref": "#/definitions/AWS::MediaConnect::Flow.EncodingConfig" + }, "FlowSize": { "markdownDescription": "Determines the processing capacity and feature set of the flow. Set this optional parameter to LARGE if you want to enable NDI outputs on the flow.", "title": "FlowSize", @@ -200332,6 +206238,12 @@ "markdownDescription": "The settings for source monitoring.", "title": "SourceMonitoringConfig" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, "VpcInterfaces": { "items": { "$ref": "#/definitions/AWS::MediaConnect::Flow.VpcInterface" @@ -200395,6 +206307,18 @@ }, "type": "object" }, + "AWS::MediaConnect::Flow.EncodingConfig": { + "additionalProperties": false, + "properties": { + "EncodingProfile": { + "type": "string" + }, + "VideoMaxBitrate": { + "type": "number" + } + }, + "type": "object" + }, "AWS::MediaConnect::Flow.Encryption": { "additionalProperties": false, "properties": { @@ -200403,31 +206327,11 @@ "title": "Algorithm", "type": "string" }, - "ConstantInitializationVector": { - "markdownDescription": "A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.", - "title": "ConstantInitializationVector", - "type": "string" - }, - "DeviceId": { - "markdownDescription": "The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "DeviceId", - "type": "string" - }, "KeyType": { "markdownDescription": "The type of key that is used for the encryption. If you don't specify a `keyType` value, the service uses the default setting ( `static-key` ). Valid key types are: `static-key` , `speke` , and `srt-password` .", "title": "KeyType", "type": "string" }, - "Region": { - "markdownDescription": "The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Region", - "type": "string" - }, - "ResourceId": { - "markdownDescription": "An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "ResourceId", - "type": "string" - }, "RoleArn": { "markdownDescription": "The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity).", "title": "RoleArn", @@ -200437,11 +206341,6 @@ "markdownDescription": "The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.", "title": "SecretArn", "type": "string" - }, - "Url": { - "markdownDescription": "The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Url", - "type": "string" } }, "required": [ @@ -200678,6 +206577,12 @@ "title": "MediaStreamType", "type": "string" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, "VideoFormat": { "markdownDescription": "The resolution of the video.", "title": "VideoFormat", @@ -200784,6 +206689,15 @@ ], "type": "object" }, + "AWS::MediaConnect::Flow.NdiSourceSettings": { + "additionalProperties": false, + "properties": { + "SourceName": { + "type": "string" + } + }, + "type": "object" + }, "AWS::MediaConnect::Flow.SecretsManagerEncryptionKeyConfiguration": { "additionalProperties": false, "properties": { @@ -200886,6 +206800,9 @@ "title": "Name", "type": "string" }, + "NdiSourceSettings": { + "$ref": "#/definitions/AWS::MediaConnect::Flow.NdiSourceSettings" + }, "Protocol": { "markdownDescription": "The protocol that is used by the source. AWS CloudFormation does not currently support CDI or ST 2110 JPEG XS source protocols.\n\n> AWS Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.", "title": "Protocol", @@ -200901,16 +206818,6 @@ "markdownDescription": "The decryption configuration for the flow source when router integration is enabled.", "title": "RouterIntegrationTransitDecryption" }, - "SenderControlPort": { - "markdownDescription": "The port that the flow uses to send outbound requests to initiate connection with the sender.", - "title": "SenderControlPort", - "type": "number" - }, - "SenderIpAddress": { - "markdownDescription": "The IP address that the flow communicates with to initiate connection with the sender.", - "title": "SenderIpAddress", - "type": "string" - }, "SourceArn": { "markdownDescription": "The ARN of the source.", "title": "SourceArn", @@ -200936,6 +206843,12 @@ "title": "StreamId", "type": "string" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, "VpcInterfaceName": { "markdownDescription": "The name of the VPC interface that is used for this source.", "title": "VpcInterfaceName", @@ -201049,6 +206962,12 @@ "markdownDescription": "Subnet must be in the AZ of the Flow.", "title": "SubnetId", "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" } }, "required": [ @@ -201142,6 +207061,12 @@ "markdownDescription": "The AWS account IDs that you want to share your content with. The receiving accounts (subscribers) will be allowed to create their own flows using your content as the source.", "title": "Subscribers", "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" } }, "required": [ @@ -201181,31 +207106,11 @@ "title": "Algorithm", "type": "string" }, - "ConstantInitializationVector": { - "markdownDescription": "A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.", - "title": "ConstantInitializationVector", - "type": "string" - }, - "DeviceId": { - "markdownDescription": "The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "DeviceId", - "type": "string" - }, "KeyType": { "markdownDescription": "The type of key that is used for the encryption. If you don't specify a `keyType` value, the service uses the default setting ( `static-key` ). Valid key types are: `static-key` , `speke` , and `srt-password` .", "title": "KeyType", "type": "string" }, - "Region": { - "markdownDescription": "The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Region", - "type": "string" - }, - "ResourceId": { - "markdownDescription": "An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "ResourceId", - "type": "string" - }, "RoleArn": { "markdownDescription": "The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity).", "title": "RoleArn", @@ -201215,11 +207120,6 @@ "markdownDescription": "The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.", "title": "SecretArn", "type": "string" - }, - "Url": { - "markdownDescription": "The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Url", - "type": "string" } }, "required": [ @@ -201364,6 +207264,12 @@ "title": "StreamId", "type": "string" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, "VpcInterfaceAttachment": { "$ref": "#/definitions/AWS::MediaConnect::FlowOutput.VpcInterfaceAttachment", "markdownDescription": "The name of the VPC interface attachment to use for this output.", @@ -201629,11 +207535,6 @@ "title": "Description", "type": "string" }, - "EntitlementArn": { - "markdownDescription": "The ARN of the entitlement that allows you to subscribe to this flow. The entitlement is set by the flow originator, and the ARN is generated as part of the originator's flow.", - "title": "EntitlementArn", - "type": "string" - }, "FlowArn": { "markdownDescription": "The Amazon Resource Name (ARN) of the flow this source is connected to. The flow must have Failover enabled to add an additional source.", "title": "FlowArn", @@ -201674,16 +207575,6 @@ "title": "Protocol", "type": "string" }, - "SenderControlPort": { - "markdownDescription": "The port that the flow uses to send outbound requests to initiate connection with the sender.", - "title": "SenderControlPort", - "type": "number" - }, - "SenderIpAddress": { - "markdownDescription": "The IP address that the flow communicates with to initiate connection with the sender.", - "title": "SenderIpAddress", - "type": "string" - }, "SourceListenerAddress": { "markdownDescription": "Source IP or domain name for SRT-caller protocol.", "title": "SourceListenerAddress", @@ -201699,6 +207590,12 @@ "title": "StreamId", "type": "string" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, "VpcInterfaceName": { "markdownDescription": "The name of the VPC interface to use for this source.", "title": "VpcInterfaceName", @@ -201712,6 +207609,7 @@ }, "required": [ "Description", + "FlowArn", "Name" ], "type": "object" @@ -201745,31 +207643,11 @@ "title": "Algorithm", "type": "string" }, - "ConstantInitializationVector": { - "markdownDescription": "A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.", - "title": "ConstantInitializationVector", - "type": "string" - }, - "DeviceId": { - "markdownDescription": "The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "DeviceId", - "type": "string" - }, "KeyType": { "markdownDescription": "The type of key that is used for the encryption. If you don't specify a `keyType` value, the service uses the default setting ( `static-key` ). Valid key types are: `static-key` , `speke` , and `srt-password` .", "title": "KeyType", "type": "string" }, - "Region": { - "markdownDescription": "The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Region", - "type": "string" - }, - "ResourceId": { - "markdownDescription": "An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "ResourceId", - "type": "string" - }, "RoleArn": { "markdownDescription": "The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity).", "title": "RoleArn", @@ -201779,11 +207657,6 @@ "markdownDescription": "The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.", "title": "SecretArn", "type": "string" - }, - "Url": { - "markdownDescription": "The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.", - "title": "Url", - "type": "string" } }, "required": [ @@ -202274,6 +208147,54 @@ ], "type": "object" }, + "AWS::MediaConnect::RouterInput.MediaLiveChannelRouterInputConfiguration": { + "additionalProperties": false, + "properties": { + "MediaLiveChannelArn": { + "type": "string" + }, + "MediaLiveChannelOutputName": { + "type": "string" + }, + "MediaLivePipelineId": { + "type": "string" + }, + "SourceTransitDecryption": { + "$ref": "#/definitions/AWS::MediaConnect::RouterInput.MediaLiveTransitEncryption" + } + }, + "required": [ + "SourceTransitDecryption" + ], + "type": "object" + }, + "AWS::MediaConnect::RouterInput.MediaLiveTransitEncryption": { + "additionalProperties": false, + "properties": { + "EncryptionKeyConfiguration": { + "$ref": "#/definitions/AWS::MediaConnect::RouterInput.MediaLiveTransitEncryptionKeyConfiguration" + }, + "EncryptionKeyType": { + "type": "string" + } + }, + "required": [ + "EncryptionKeyConfiguration" + ], + "type": "object" + }, + "AWS::MediaConnect::RouterInput.MediaLiveTransitEncryptionKeyConfiguration": { + "additionalProperties": false, + "properties": { + "Automatic": { + "type": "object" + }, + "SecretsManager": { + "$ref": "#/definitions/AWS::MediaConnect::RouterInput.SecretsManagerEncryptionKeyConfiguration" + } + }, + "type": "object" + }, "AWS::MediaConnect::RouterInput.MergeRouterInputConfiguration": { "additionalProperties": false, "properties": { @@ -202372,6 +208293,9 @@ "markdownDescription": "", "title": "MediaConnectFlow" }, + "MediaLiveChannel": { + "$ref": "#/definitions/AWS::MediaConnect::RouterInput.MediaLiveChannelRouterInputConfiguration" + }, "Merge": { "$ref": "#/definitions/AWS::MediaConnect::RouterInput.MergeRouterInputConfiguration", "markdownDescription": "", @@ -203625,6 +209549,9 @@ "markdownDescription": "The encoding configuration for the output content.", "title": "EncoderSettings" }, + "InferenceSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.InferenceSettings" + }, "InputAttachments": { "items": { "$ref": "#/definitions/AWS::MediaLive::Channel.InputAttachment" @@ -204295,6 +210222,9 @@ "markdownDescription": "", "title": "Hdr10Settings" }, + "Hlg2020Settings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.Hlg2020Settings" + }, "Rec601Settings": { "$ref": "#/definitions/AWS::MediaLive::Channel.Rec601Settings", "markdownDescription": "", @@ -206840,6 +212770,15 @@ "properties": {}, "type": "object" }, + "AWS::MediaLive::Channel.InferenceSettings": { + "additionalProperties": false, + "properties": { + "FeedArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::MediaLive::Channel.InputAttachment": { "additionalProperties": false, "properties": { @@ -211501,12 +217440,6 @@ "type": "string" } }, - "required": [ - "Id", - "Password", - "Url", - "Username" - ], "type": "object" }, "AWS::MediaPackage::Channel.LogConfiguration": { @@ -216774,6 +222707,9 @@ "title": "GraphName", "type": "string" }, + "KmsKeyIdentifier": { + "type": "string" + }, "ProvisionedMemory": { "markdownDescription": "The provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph.\n\nMin = 16", "title": "ProvisionedMemory", @@ -216843,6 +222779,80 @@ ], "type": "object" }, + "AWS::NeptuneGraph::GraphSnapshot": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "GraphIdentifier": { + "type": "string" + }, + "SnapshotName": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "SnapshotName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::NeptuneGraph::GraphSnapshot" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, "AWS::NeptuneGraph::PrivateGraphEndpoint": { "additionalProperties": false, "properties": { @@ -221298,6 +227308,92 @@ ], "type": "object" }, + "AWS::NovaAct::WorkflowDefinition": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "ExportConfig": { + "$ref": "#/definitions/AWS::NovaAct::WorkflowDefinition.WorkflowExportConfig" + }, + "Name": { + "type": "string" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::NovaAct::WorkflowDefinition" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::NovaAct::WorkflowDefinition.WorkflowExportConfig": { + "additionalProperties": false, + "properties": { + "S3BucketName": { + "type": "string" + }, + "S3KeyPrefix": { + "type": "string" + } + }, + "required": [ + "S3BucketName" + ], + "type": "object" + }, "AWS::ODB::CloudAutonomousVmCluster": { "additionalProperties": false, "properties": { @@ -221366,6 +227462,12 @@ "title": "DisplayName", "type": "string" }, + "IamRoles": { + "items": { + "$ref": "#/definitions/AWS::ODB::CloudAutonomousVmCluster.IamRole" + }, + "type": "array" + }, "IsMtlsEnabledVmCluster": { "markdownDescription": "Specifies whether mutual TLS (mTLS) authentication is enabled for the Autonomous VM cluster.", "title": "IsMtlsEnabledVmCluster", @@ -221442,6 +227544,21 @@ ], "type": "object" }, + "AWS::ODB::CloudAutonomousVmCluster.IamRole": { + "additionalProperties": false, + "properties": { + "AwsIntegration": { + "type": "string" + }, + "IamRoleArn": { + "type": "string" + }, + "Status": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ODB::CloudAutonomousVmCluster.MaintenanceWindow": { "additionalProperties": false, "properties": { @@ -221779,6 +227896,12 @@ "title": "Hostname", "type": "string" }, + "IamRoles": { + "items": { + "$ref": "#/definitions/AWS::ODB::CloudVmCluster.IamRole" + }, + "type": "array" + }, "IsLocalBackupEnabled": { "markdownDescription": "Specifies whether database backups to local Exadata storage are enabled for the VM cluster.", "title": "IsLocalBackupEnabled", @@ -221971,6 +228094,21 @@ ], "type": "object" }, + "AWS::ODB::CloudVmCluster.IamRole": { + "additionalProperties": false, + "properties": { + "AwsIntegration": { + "type": "string" + }, + "IamRoleArn": { + "type": "string" + }, + "Status": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ODB::OdbNetwork": { "additionalProperties": false, "properties": { @@ -222026,6 +228164,12 @@ "title": "ClientSubnetCidr", "type": "string" }, + "CrossRegionS3RestoreSources": { + "items": { + "type": "string" + }, + "type": "array" + }, "CustomDomainName": { "markdownDescription": "The domain name for the resources in the ODB network.", "title": "CustomDomainName", @@ -222046,6 +228190,12 @@ "title": "DisplayName", "type": "string" }, + "KmsAccess": { + "type": "string" + }, + "KmsPolicyDocument": { + "type": "string" + }, "S3Access": { "markdownDescription": "The configuration for Amazon S3 access from the ODB network.", "title": "S3Access", @@ -222056,6 +228206,12 @@ "title": "S3PolicyDocument", "type": "string" }, + "StsAccess": { + "type": "string" + }, + "StsPolicyDocument": { + "type": "string" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -222092,6 +228248,45 @@ ], "type": "object" }, + "AWS::ODB::OdbNetwork.CrossRegionS3RestoreSourcesAccess": { + "additionalProperties": false, + "properties": { + "Ipv4Addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Region": { + "type": "string" + }, + "Status": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::ODB::OdbNetwork.KmsAccess": { + "additionalProperties": false, + "properties": { + "DomainName": { + "type": "string" + }, + "Ipv4Addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "KmsPolicyDocument": { + "type": "string" + }, + "Status": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ODB::OdbNetwork.ManagedS3BackupAccess": { "additionalProperties": false, "properties": { @@ -222114,6 +228309,15 @@ "AWS::ODB::OdbNetwork.ManagedServices": { "additionalProperties": false, "properties": { + "CrossRegionS3RestoreSourcesAccess": { + "items": { + "$ref": "#/definitions/AWS::ODB::OdbNetwork.CrossRegionS3RestoreSourcesAccess" + }, + "type": "array" + }, + "KmsAccess": { + "$ref": "#/definitions/AWS::ODB::OdbNetwork.KmsAccess" + }, "ManagedS3BackupAccess": { "$ref": "#/definitions/AWS::ODB::OdbNetwork.ManagedS3BackupAccess", "markdownDescription": "The managed Amazon S3 backup access configuration.", @@ -222147,6 +228351,9 @@ "markdownDescription": "The service network endpoint configuration.", "title": "ServiceNetworkEndpoint" }, + "StsAccess": { + "$ref": "#/definitions/AWS::ODB::OdbNetwork.StsAccess" + }, "ZeroEtlAccess": { "$ref": "#/definitions/AWS::ODB::OdbNetwork.ZeroEtlAccess", "markdownDescription": "The Zero-ETL access configuration.", @@ -222200,6 +228407,27 @@ }, "type": "object" }, + "AWS::ODB::OdbNetwork.StsAccess": { + "additionalProperties": false, + "properties": { + "DomainName": { + "type": "string" + }, + "Ipv4Addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Status": { + "type": "string" + }, + "StsPolicyDocument": { + "type": "string" + } + }, + "type": "object" + }, "AWS::ODB::OdbNetwork.ZeroEtlAccess": { "additionalProperties": false, "properties": { @@ -222274,6 +228502,12 @@ "title": "PeerNetworkId", "type": "string" }, + "PeerNetworkRouteTableIds": { + "items": { + "type": "string" + }, + "type": "array" + }, "Tags": { "items": { "$ref": "#/definitions/Tag" @@ -222946,6 +229180,9 @@ "markdownDescription": "Configuration defining the backup region and an optional KMS key for the backup destination.", "title": "BackupConfiguration" }, + "LogGroupNameConfiguration": { + "$ref": "#/definitions/AWS::ObservabilityAdmin::OrganizationCentralizationRule.LogGroupNameConfiguration" + }, "LogsEncryptionConfiguration": { "$ref": "#/definitions/AWS::ObservabilityAdmin::OrganizationCentralizationRule.LogsEncryptionConfiguration", "markdownDescription": "The encryption configuration for centralization destination log groups.", @@ -222954,6 +229191,18 @@ }, "type": "object" }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule.LogGroupNameConfiguration": { + "additionalProperties": false, + "properties": { + "LogGroupNamePattern": { + "type": "string" + } + }, + "required": [ + "LogGroupNamePattern" + ], + "type": "object" + }, "AWS::ObservabilityAdmin::OrganizationCentralizationRule.LogsBackupConfiguration": { "additionalProperties": false, "properties": { @@ -223000,6 +229249,9 @@ "AWS::ObservabilityAdmin::OrganizationCentralizationRule.SourceLogsConfiguration": { "additionalProperties": false, "properties": { + "DataSourceSelectionCriteria": { + "type": "string" + }, "EncryptedLogGroupStrategy": { "markdownDescription": "A strategy determining whether to centralize source log groups that are encrypted with customer managed KMS keys (CMK). ALLOW will consider CMK encrypted source log groups for centralization while SKIP will skip CMK encrypted source log groups from centralization.", "title": "EncryptedLogGroupStrategy", @@ -223012,8 +229264,7 @@ } }, "required": [ - "EncryptedLogGroupStrategy", - "LogGroupSelectionCriteria" + "EncryptedLogGroupStrategy" ], "type": "object" }, @@ -223497,42 +229748,148 @@ "Properties": { "additionalProperties": false, "properties": { - "Encryption": { - "$ref": "#/definitions/AWS::ObservabilityAdmin::S3TableIntegration.EncryptionConfig", - "markdownDescription": "Defines the encryption configuration for S3 Table integrations, including the encryption algorithm and KMS key settings.", - "title": "Encryption" - }, - "LogSources": { - "items": { - "$ref": "#/definitions/AWS::ObservabilityAdmin::S3TableIntegration.LogSource" - }, - "markdownDescription": "A data source with an S3 Table integration for query access in the `logs` namespace.", - "title": "LogSources", - "type": "array" - }, - "RoleArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the IAM role that grants permissions for the S3 Table integration to access necessary resources.", - "title": "RoleArn", + "Encryption": { + "$ref": "#/definitions/AWS::ObservabilityAdmin::S3TableIntegration.EncryptionConfig", + "markdownDescription": "Defines the encryption configuration for S3 Table integrations, including the encryption algorithm and KMS key settings.", + "title": "Encryption" + }, + "LogSources": { + "items": { + "$ref": "#/definitions/AWS::ObservabilityAdmin::S3TableIntegration.LogSource" + }, + "markdownDescription": "A data source with an S3 Table integration for query access in the `logs` namespace.", + "title": "LogSources", + "type": "array" + }, + "RoleArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the IAM role that grants permissions for the S3 Table integration to access necessary resources.", + "title": "RoleArn", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "The key-value pairs to associate with the S3 Table integration resource for categorization and management purposes.", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "Encryption", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::ObservabilityAdmin::S3TableIntegration" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::ObservabilityAdmin::S3TableIntegration.EncryptionConfig": { + "additionalProperties": false, + "properties": { + "KmsKeyArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the KMS key used for encryption when using customer-managed keys.", + "title": "KmsKeyArn", + "type": "string" + }, + "SseAlgorithm": { + "markdownDescription": "The server-side encryption algorithm used for encrypting data in the S3 Table integration.", + "title": "SseAlgorithm", + "type": "string" + } + }, + "required": [ + "SseAlgorithm" + ], + "type": "object" + }, + "AWS::ObservabilityAdmin::S3TableIntegration.LogSource": { + "additionalProperties": false, + "properties": { + "Identifier": { + "markdownDescription": "The unique identifier for the association between the data source and S3 Table integration.", + "title": "Identifier", + "type": "string" + }, + "Name": { + "markdownDescription": "The name of the data source.", + "title": "Name", + "type": "string" + }, + "Type": { + "markdownDescription": "The type of the data source.", + "title": "Type", + "type": "string" + } + }, + "required": [ + "Name", + "Type" + ], + "type": "object" + }, + "AWS::ObservabilityAdmin::TelemetryEnrichment": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Scope": { "type": "string" - }, - "Tags": { - "items": { - "$ref": "#/definitions/Tag" - }, - "markdownDescription": "The key-value pairs to associate with the S3 Table integration resource for categorization and management purposes.", - "title": "Tags", - "type": "array" } }, - "required": [ - "Encryption", - "RoleArn" - ], "type": "object" }, "Type": { "enum": [ - "AWS::ObservabilityAdmin::S3TableIntegration" + "AWS::ObservabilityAdmin::TelemetryEnrichment" ], "type": "string" }, @@ -223546,51 +229903,6 @@ } }, "required": [ - "Type", - "Properties" - ], - "type": "object" - }, - "AWS::ObservabilityAdmin::S3TableIntegration.EncryptionConfig": { - "additionalProperties": false, - "properties": { - "KmsKeyArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the KMS key used for encryption when using customer-managed keys.", - "title": "KmsKeyArn", - "type": "string" - }, - "SseAlgorithm": { - "markdownDescription": "The server-side encryption algorithm used for encrypting data in the S3 Table integration.", - "title": "SseAlgorithm", - "type": "string" - } - }, - "required": [ - "SseAlgorithm" - ], - "type": "object" - }, - "AWS::ObservabilityAdmin::S3TableIntegration.LogSource": { - "additionalProperties": false, - "properties": { - "Identifier": { - "markdownDescription": "The unique identifier for the association between the data source and S3 Table integration.", - "title": "Identifier", - "type": "string" - }, - "Name": { - "markdownDescription": "The name of the data source.", - "title": "Name", - "type": "string" - }, - "Type": { - "markdownDescription": "The type of the data source.", - "title": "Type", - "type": "string" - } - }, - "required": [ - "Name", "Type" ], "type": "object" @@ -224386,6 +230698,114 @@ }, "type": "object" }, + "AWS::Omics::Configuration": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "RunConfigurations": { + "$ref": "#/definitions/AWS::Omics::Configuration.RunConfigurations" + }, + "Tags": { + "additionalProperties": true, + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "Name", + "RunConfigurations" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Omics::Configuration" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Omics::Configuration.RunConfigurations": { + "additionalProperties": false, + "properties": { + "VpcConfig": { + "$ref": "#/definitions/AWS::Omics::Configuration.VpcConfig" + } + }, + "type": "object" + }, + "AWS::Omics::Configuration.VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroupIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SubnetIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::Omics::ReferenceStore": { "additionalProperties": false, "properties": { @@ -225465,36 +231885,135 @@ "additionalProperties": false, "properties": { "Description": { - "markdownDescription": "The description of the policy.", + "markdownDescription": "The description of the policy.", + "title": "Description", + "type": "string" + }, + "Name": { + "markdownDescription": "The name of the policy.", + "title": "Name", + "type": "string" + }, + "Policy": { + "markdownDescription": "The JSON policy document without any whitespaces.", + "title": "Policy", + "type": "string" + }, + "Type": { + "markdownDescription": "The type of access policy. Currently the only option is `data` .", + "title": "Type", + "type": "string" + } + }, + "required": [ + "Name", + "Policy", + "Type" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::OpenSearchServerless::AccessPolicy" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::OpenSearchServerless::Collection": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "CollectionGroupName": { + "type": "string" + }, + "Description": { + "markdownDescription": "A description of the collection.", "title": "Description", "type": "string" }, + "EncryptionConfig": { + "$ref": "#/definitions/AWS::OpenSearchServerless::Collection.EncryptionConfig" + }, "Name": { - "markdownDescription": "The name of the policy.", + "markdownDescription": "The name of the collection.\n\nCollection names must meet the following criteria:\n\n- Starts with a lowercase letter\n- Unique to your account and AWS Region\n- Contains between 3 and 28 characters\n- Contains only lowercase letters a-z, the numbers 0-9, and the hyphen (-)", "title": "Name", "type": "string" }, - "Policy": { - "markdownDescription": "The JSON policy document without any whitespaces.", - "title": "Policy", + "StandbyReplicas": { + "markdownDescription": "Indicates whether to use standby replicas for the collection. You can't update this property after the collection is already created. If you attempt to modify this property, the collection continues to use the original value.", + "title": "StandbyReplicas", "type": "string" }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An arbitrary set of tags (key\u2013value pairs) to associate with the collection.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "title": "Tags", + "type": "array" + }, "Type": { - "markdownDescription": "The type of access policy. Currently the only option is `data` .", + "markdownDescription": "The type of collection. Possible values are `SEARCH` , `TIMESERIES` , and `VECTORSEARCH` . For more information, see [Choosing a collection type](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-overview.html#serverless-usecase) .", "title": "Type", "type": "string" + }, + "VectorOptions": { + "$ref": "#/definitions/AWS::OpenSearchServerless::Collection.VectorOptions" } }, "required": [ - "Name", - "Policy", - "Type" + "Name" ], "type": "object" }, "Type": { "enum": [ - "AWS::OpenSearchServerless::AccessPolicy" + "AWS::OpenSearchServerless::Collection" ], "type": "string" }, @@ -225513,7 +232032,40 @@ ], "type": "object" }, - "AWS::OpenSearchServerless::Collection": { + "AWS::OpenSearchServerless::Collection.EncryptionConfig": { + "additionalProperties": false, + "properties": { + "AWSOwnedKey": { + "type": "boolean" + }, + "KmsKeyArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::OpenSearchServerless::Collection.FipsEndpoints": { + "additionalProperties": false, + "properties": { + "CollectionEndpoint": { + "type": "string" + }, + "DashboardEndpoint": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::OpenSearchServerless::Collection.VectorOptions": { + "additionalProperties": false, + "properties": { + "ServerlessVectorAcceleration": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::OpenSearchServerless::CollectionGroup": { "additionalProperties": false, "properties": { "Condition": { @@ -225548,49 +232100,34 @@ "Properties": { "additionalProperties": false, "properties": { - "CollectionGroupName": { - "type": "string" + "CapacityLimits": { + "$ref": "#/definitions/AWS::OpenSearchServerless::CollectionGroup.CapacityLimits" }, "Description": { - "markdownDescription": "A description of the collection.", - "title": "Description", "type": "string" }, - "EncryptionConfig": { - "$ref": "#/definitions/AWS::OpenSearchServerless::Collection.EncryptionConfig" - }, "Name": { - "markdownDescription": "The name of the collection.\n\nCollection names must meet the following criteria:\n\n- Starts with a lowercase letter\n- Unique to your account and AWS Region\n- Contains between 3 and 28 characters\n- Contains only lowercase letters a-z, the numbers 0-9, and the hyphen (-)", - "title": "Name", "type": "string" }, "StandbyReplicas": { - "markdownDescription": "Indicates whether to use standby replicas for the collection. You can't update this property after the collection is already created. If you attempt to modify this property, the collection continues to use the original value.", - "title": "StandbyReplicas", "type": "string" }, "Tags": { "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "An arbitrary set of tags (key\u2013value pairs) to associate with the collection.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", - "title": "Tags", "type": "array" - }, - "Type": { - "markdownDescription": "The type of collection. Possible values are `SEARCH` , `TIMESERIES` , and `VECTORSEARCH` . For more information, see [Choosing a collection type](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-overview.html#serverless-usecase) .", - "title": "Type", - "type": "string" } }, "required": [ - "Name" + "Name", + "StandbyReplicas" ], "type": "object" }, "Type": { "enum": [ - "AWS::OpenSearchServerless::Collection" + "AWS::OpenSearchServerless::CollectionGroup" ], "type": "string" }, @@ -225609,14 +232146,20 @@ ], "type": "object" }, - "AWS::OpenSearchServerless::Collection.EncryptionConfig": { + "AWS::OpenSearchServerless::CollectionGroup.CapacityLimits": { "additionalProperties": false, "properties": { - "AWSOwnedKey": { - "type": "boolean" + "MaxIndexingCapacityInOcu": { + "type": "number" }, - "KmsKeyArn": { - "type": "string" + "MaxSearchCapacityInOcu": { + "type": "number" + }, + "MinIndexingCapacityInOcu": { + "type": "number" + }, + "MinSearchCapacityInOcu": { + "type": "number" } }, "type": "object" @@ -226339,6 +232882,9 @@ "markdownDescription": "Settings container for integrating IAM Identity Center with OpenSearch UI applications, which enables enabling secure user authentication and access control across multiple data sources. This setup supports single sign-on (SSO) through IAM Identity Center, allowing centralized user management.", "title": "IamIdentityCenterOptions" }, + "KmsKeyArn": { + "type": "string" + }, "Name": { "markdownDescription": "The name of an OpenSearch application.", "title": "Name", @@ -226510,6 +233056,9 @@ "markdownDescription": "Configures OpenSearch Service to use Amazon Cognito authentication for OpenSearch Dashboards.", "title": "CognitoOptions" }, + "DeploymentStrategyOptions": { + "$ref": "#/definitions/AWS::OpenSearchService::Domain.DeploymentStrategyOptions" + }, "DomainEndpointOptions": { "$ref": "#/definitions/AWS::OpenSearchService::Domain.DomainEndpointOptions", "markdownDescription": "Specifies additional options for the domain endpoint, such as whether to require HTTPS for all traffic or whether to use a custom endpoint rather than the default endpoint.", @@ -226788,6 +233337,15 @@ }, "type": "object" }, + "AWS::OpenSearchService::Domain.DeploymentStrategyOptions": { + "additionalProperties": false, + "properties": { + "DeploymentStrategy": { + "type": "string" + } + }, + "type": "object" + }, "AWS::OpenSearchService::Domain.DomainEndpointOptions": { "additionalProperties": false, "properties": { @@ -230672,6 +237230,9 @@ }, "title": "Tags", "type": "object" + }, + "VpcEndpointId": { + "type": "string" } }, "required": [ @@ -230894,6 +237455,22 @@ ], "type": "object" }, + "AWS::PCS::Cluster.CgroupCustomSetting": { + "additionalProperties": false, + "properties": { + "ParameterName": { + "type": "string" + }, + "ParameterValue": { + "type": "string" + } + }, + "required": [ + "ParameterName", + "ParameterValue" + ], + "type": "object" + }, "AWS::PCS::Cluster.Endpoint": { "additionalProperties": false, "properties": { @@ -231037,6 +237614,12 @@ "markdownDescription": "The shared Slurm key for authentication, also known as the *cluster secret* .", "title": "AuthKey" }, + "CgroupCustomSettings": { + "items": { + "$ref": "#/definitions/AWS::PCS::Cluster.CgroupCustomSetting" + }, + "type": "array" + }, "JwtAuth": { "$ref": "#/definitions/AWS::PCS::Cluster.JwtAuth", "markdownDescription": "The JWT authentication configuration for Slurm REST API access.", @@ -231059,6 +237642,12 @@ "$ref": "#/definitions/AWS::PCS::Cluster.SlurmRest", "markdownDescription": "The Slurm REST API configuration for the cluster.", "title": "SlurmRest" + }, + "SlurmdbdCustomSettings": { + "items": { + "$ref": "#/definitions/AWS::PCS::Cluster.SlurmdbdCustomSetting" + }, + "type": "array" } }, "type": "object" @@ -231097,6 +237686,22 @@ ], "type": "object" }, + "AWS::PCS::Cluster.SlurmdbdCustomSetting": { + "additionalProperties": false, + "properties": { + "ParameterName": { + "type": "string" + }, + "ParameterValue": { + "type": "string" + } + }, + "required": [ + "ParameterName", + "ParameterValue" + ], + "type": "object" + }, "AWS::PCS::ComputeNodeGroup": { "additionalProperties": false, "properties": { @@ -251282,7 +257887,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -254896,17 +261501,89 @@ "title": "AddOrRunAnomalyDetectionForAnalyses", "type": "string" }, + "AmazonBedrockARSAction": { + "type": "string" + }, + "AmazonBedrockFSAction": { + "type": "string" + }, + "AmazonBedrockKRSAction": { + "type": "string" + }, + "AmazonSThreeAction": { + "type": "string" + }, "Analysis": { "markdownDescription": "The ability to perform analysis-related actions.", "title": "Analysis", "type": "string" }, + "ApproveFlowShareRequests": { + "type": "string" + }, + "AsanaAction": { + "type": "string" + }, "Automate": { "type": "string" }, + "BambooHRAction": { + "type": "string" + }, + "BoxAgentAction": { + "type": "string" + }, + "BuildCalculatedFieldWithQ": { + "type": "string" + }, + "CanvaAgentAction": { + "type": "string" + }, "ChatAgent": { "type": "string" }, + "ComprehendAction": { + "type": "string" + }, + "ComprehendMedicalAction": { + "type": "string" + }, + "ConfluenceAction": { + "type": "string" + }, + "CreateAndUpdateAmazonBedrockARSAction": { + "type": "string" + }, + "CreateAndUpdateAmazonBedrockFSAction": { + "type": "string" + }, + "CreateAndUpdateAmazonBedrockKRSAction": { + "type": "string" + }, + "CreateAndUpdateAmazonSThreeAction": { + "type": "string" + }, + "CreateAndUpdateAsanaAction": { + "type": "string" + }, + "CreateAndUpdateBambooHRAction": { + "type": "string" + }, + "CreateAndUpdateBoxAgentAction": { + "type": "string" + }, + "CreateAndUpdateCanvaAgentAction": { + "type": "string" + }, + "CreateAndUpdateComprehendAction": { + "type": "string" + }, + "CreateAndUpdateComprehendMedicalAction": { + "type": "string" + }, + "CreateAndUpdateConfluenceAction": { + "type": "string" + }, "CreateAndUpdateDashboardEmailReports": { "markdownDescription": "The ability to create and update email reports.", "title": "CreateAndUpdateDashboardEmailReports", @@ -254922,6 +261599,102 @@ "title": "CreateAndUpdateDatasets", "type": "string" }, + "CreateAndUpdateFactSetAction": { + "type": "string" + }, + "CreateAndUpdateGenericHTTPAction": { + "type": "string" + }, + "CreateAndUpdateGithubAction": { + "type": "string" + }, + "CreateAndUpdateGoogleCalendarAction": { + "type": "string" + }, + "CreateAndUpdateHubspotAction": { + "type": "string" + }, + "CreateAndUpdateHuggingFaceAction": { + "type": "string" + }, + "CreateAndUpdateIntercomAction": { + "type": "string" + }, + "CreateAndUpdateJiraAction": { + "type": "string" + }, + "CreateAndUpdateKnowledgeBases": { + "type": "string" + }, + "CreateAndUpdateLinearAction": { + "type": "string" + }, + "CreateAndUpdateMCPAction": { + "type": "string" + }, + "CreateAndUpdateMSExchangeAction": { + "type": "string" + }, + "CreateAndUpdateMSTeamsAction": { + "type": "string" + }, + "CreateAndUpdateMondayAction": { + "type": "string" + }, + "CreateAndUpdateNewRelicAction": { + "type": "string" + }, + "CreateAndUpdateNotionAction": { + "type": "string" + }, + "CreateAndUpdateOneDriveAction": { + "type": "string" + }, + "CreateAndUpdateOpenAPIAction": { + "type": "string" + }, + "CreateAndUpdatePagerDutyAction": { + "type": "string" + }, + "CreateAndUpdateSAPBillOfMaterialAction": { + "type": "string" + }, + "CreateAndUpdateSAPBusinessPartnerAction": { + "type": "string" + }, + "CreateAndUpdateSAPMaterialStockAction": { + "type": "string" + }, + "CreateAndUpdateSAPPhysicalInventoryAction": { + "type": "string" + }, + "CreateAndUpdateSAPProductMasterDataAction": { + "type": "string" + }, + "CreateAndUpdateSalesforceAction": { + "type": "string" + }, + "CreateAndUpdateSandPGMIAction": { + "type": "string" + }, + "CreateAndUpdateSandPGlobalEnergyAction": { + "type": "string" + }, + "CreateAndUpdateServiceNowAction": { + "type": "string" + }, + "CreateAndUpdateSharePointAction": { + "type": "string" + }, + "CreateAndUpdateSlackAction": { + "type": "string" + }, + "CreateAndUpdateSmartsheetAction": { + "type": "string" + }, + "CreateAndUpdateTextractAction": { + "type": "string" + }, "CreateAndUpdateThemes": { "markdownDescription": "The ability to export to Create and Update themes.", "title": "CreateAndUpdateThemes", @@ -254932,9 +261705,15 @@ "title": "CreateAndUpdateThresholdAlerts", "type": "string" }, + "CreateAndUpdateZendeskAction": { + "type": "string" + }, "CreateChatAgents": { "type": "string" }, + "CreateDashboardExecutiveSummaryWithQ": { + "type": "string" + }, "CreateSPICEDataset": { "markdownDescription": "The ability to create a SPICE dataset.", "title": "CreateSPICEDataset", @@ -254950,6 +261729,9 @@ "title": "Dashboard", "type": "string" }, + "EditVisualWithQ": { + "type": "string" + }, "ExportToCsv": { "markdownDescription": "The ability to export to CSV files from the UI.", "title": "ExportToCsv", @@ -254980,17 +261762,77 @@ "title": "ExportToPdfInScheduledReports", "type": "string" }, + "Extension": { + "type": "string" + }, + "FactSetAction": { + "type": "string" + }, "Flow": { "type": "string" }, + "GenericHTTPAction": { + "type": "string" + }, + "GithubAction": { + "type": "string" + }, + "GoogleCalendarAction": { + "type": "string" + }, + "HubspotAction": { + "type": "string" + }, + "HuggingFaceAction": { + "type": "string" + }, "IncludeContentInScheduledReportsEmail": { "markdownDescription": "The ability to include content in scheduled email reports.", "title": "IncludeContentInScheduledReportsEmail", "type": "string" }, + "IntercomAction": { + "type": "string" + }, + "JiraAction": { + "type": "string" + }, "KnowledgeBase": { "type": "string" }, + "LinearAction": { + "type": "string" + }, + "MCPAction": { + "type": "string" + }, + "MSExchangeAction": { + "type": "string" + }, + "MSTeamsAction": { + "type": "string" + }, + "ManageSharedFolders": { + "type": "string" + }, + "MondayAction": { + "type": "string" + }, + "NewRelicAction": { + "type": "string" + }, + "NotionAction": { + "type": "string" + }, + "OneDriveAction": { + "type": "string" + }, + "OpenAPIAction": { + "type": "string" + }, + "PagerDutyAction": { + "type": "string" + }, "PerformFlowUiTask": { "type": "string" }, @@ -255010,11 +261852,71 @@ "Research": { "type": "string" }, + "SAPBillOfMaterialAction": { + "type": "string" + }, + "SAPBusinessPartnerAction": { + "type": "string" + }, + "SAPMaterialStockAction": { + "type": "string" + }, + "SAPPhysicalInventoryAction": { + "type": "string" + }, + "SAPProductMasterDataAction": { + "type": "string" + }, + "SalesforceAction": { + "type": "string" + }, + "SandPGMIAction": { + "type": "string" + }, + "SandPGlobalEnergyAction": { + "type": "string" + }, + "ServiceNowAction": { + "type": "string" + }, + "ShareAmazonBedrockARSAction": { + "type": "string" + }, + "ShareAmazonBedrockFSAction": { + "type": "string" + }, + "ShareAmazonBedrockKRSAction": { + "type": "string" + }, + "ShareAmazonSThreeAction": { + "type": "string" + }, "ShareAnalyses": { "markdownDescription": "The ability to share analyses.", "title": "ShareAnalyses", "type": "string" }, + "ShareAsanaAction": { + "type": "string" + }, + "ShareBambooHRAction": { + "type": "string" + }, + "ShareBoxAgentAction": { + "type": "string" + }, + "ShareCanvaAgentAction": { + "type": "string" + }, + "ShareComprehendAction": { + "type": "string" + }, + "ShareComprehendMedicalAction": { + "type": "string" + }, + "ShareConfluenceAction": { + "type": "string" + }, "ShareDashboards": { "markdownDescription": "The ability to share dashboards.", "title": "ShareDashboards", @@ -255030,6 +261932,114 @@ "title": "ShareDatasets", "type": "string" }, + "ShareFactSetAction": { + "type": "string" + }, + "ShareGenericHTTPAction": { + "type": "string" + }, + "ShareGithubAction": { + "type": "string" + }, + "ShareGoogleCalendarAction": { + "type": "string" + }, + "ShareHubspotAction": { + "type": "string" + }, + "ShareHuggingFaceAction": { + "type": "string" + }, + "ShareIntercomAction": { + "type": "string" + }, + "ShareJiraAction": { + "type": "string" + }, + "ShareKnowledgeBases": { + "type": "string" + }, + "ShareLinearAction": { + "type": "string" + }, + "ShareMCPAction": { + "type": "string" + }, + "ShareMSExchangeAction": { + "type": "string" + }, + "ShareMSTeamsAction": { + "type": "string" + }, + "ShareMondayAction": { + "type": "string" + }, + "ShareNewRelicAction": { + "type": "string" + }, + "ShareNotionAction": { + "type": "string" + }, + "ShareOneDriveAction": { + "type": "string" + }, + "ShareOpenAPIAction": { + "type": "string" + }, + "SharePagerDutyAction": { + "type": "string" + }, + "SharePointAction": { + "type": "string" + }, + "ShareSAPBillOfMaterialAction": { + "type": "string" + }, + "ShareSAPBusinessPartnerAction": { + "type": "string" + }, + "ShareSAPMaterialStockAction": { + "type": "string" + }, + "ShareSAPPhysicalInventoryAction": { + "type": "string" + }, + "ShareSAPProductMasterDataAction": { + "type": "string" + }, + "ShareSalesforceAction": { + "type": "string" + }, + "ShareSandPGMIAction": { + "type": "string" + }, + "ShareSandPGlobalEnergyAction": { + "type": "string" + }, + "ShareServiceNowAction": { + "type": "string" + }, + "ShareSharePointAction": { + "type": "string" + }, + "ShareSlackAction": { + "type": "string" + }, + "ShareSmartsheetAction": { + "type": "string" + }, + "ShareTextractAction": { + "type": "string" + }, + "ShareZendeskAction": { + "type": "string" + }, + "SlackAction": { + "type": "string" + }, + "SmartsheetAction": { + "type": "string" + }, "Space": { "type": "string" }, @@ -255038,16 +262048,154 @@ "title": "SubscribeDashboardEmailReports", "type": "string" }, + "TextractAction": { + "type": "string" + }, + "Topic": { + "type": "string" + }, "UseAgentWebSearch": { "type": "string" }, + "UseAmazonBedrockARSAction": { + "type": "string" + }, + "UseAmazonBedrockFSAction": { + "type": "string" + }, + "UseAmazonBedrockKRSAction": { + "type": "string" + }, + "UseAmazonSThreeAction": { + "type": "string" + }, + "UseAsanaAction": { + "type": "string" + }, + "UseBambooHRAction": { + "type": "string" + }, "UseBedrockModels": { "type": "string" }, + "UseBoxAgentAction": { + "type": "string" + }, + "UseCanvaAgentAction": { + "type": "string" + }, + "UseComprehendAction": { + "type": "string" + }, + "UseComprehendMedicalAction": { + "type": "string" + }, + "UseConfluenceAction": { + "type": "string" + }, + "UseFactSetAction": { + "type": "string" + }, + "UseGenericHTTPAction": { + "type": "string" + }, + "UseGithubAction": { + "type": "string" + }, + "UseGoogleCalendarAction": { + "type": "string" + }, + "UseHubspotAction": { + "type": "string" + }, + "UseHuggingFaceAction": { + "type": "string" + }, + "UseIntercomAction": { + "type": "string" + }, + "UseJiraAction": { + "type": "string" + }, + "UseLinearAction": { + "type": "string" + }, + "UseMCPAction": { + "type": "string" + }, + "UseMSExchangeAction": { + "type": "string" + }, + "UseMSTeamsAction": { + "type": "string" + }, + "UseMondayAction": { + "type": "string" + }, + "UseNewRelicAction": { + "type": "string" + }, + "UseNotionAction": { + "type": "string" + }, + "UseOneDriveAction": { + "type": "string" + }, + "UseOpenAPIAction": { + "type": "string" + }, + "UsePagerDutyAction": { + "type": "string" + }, + "UseSAPBillOfMaterialAction": { + "type": "string" + }, + "UseSAPBusinessPartnerAction": { + "type": "string" + }, + "UseSAPMaterialStockAction": { + "type": "string" + }, + "UseSAPPhysicalInventoryAction": { + "type": "string" + }, + "UseSAPProductMasterDataAction": { + "type": "string" + }, + "UseSalesforceAction": { + "type": "string" + }, + "UseSandPGMIAction": { + "type": "string" + }, + "UseSandPGlobalEnergyAction": { + "type": "string" + }, + "UseServiceNowAction": { + "type": "string" + }, + "UseSharePointAction": { + "type": "string" + }, + "UseSlackAction": { + "type": "string" + }, + "UseSmartsheetAction": { + "type": "string" + }, + "UseTextractAction": { + "type": "string" + }, + "UseZendeskAction": { + "type": "string" + }, "ViewAccountSPICECapacity": { "markdownDescription": "The ability to view account SPICE capacity.", "title": "ViewAccountSPICECapacity", "type": "string" + }, + "ZendeskAction": { + "type": "string" } }, "type": "object" @@ -266057,7 +273205,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -270017,7 +277165,7 @@ "items": { "type": "string" }, - "markdownDescription": "An array of Amazon Resource Names (ARNs) for Quick Suite users or groups.", + "markdownDescription": "An array of Amazon Resource Names (ARNs) for Quick users or groups.", "title": "Principals", "type": "array" } @@ -271376,7 +278524,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -272253,6 +279401,9 @@ "markdownDescription": "The parameters for S3.", "title": "S3Parameters" }, + "S3TablesParameters": { + "$ref": "#/definitions/AWS::QuickSight::DataSource.S3TablesParameters" + }, "SnowflakeParameters": { "$ref": "#/definitions/AWS::QuickSight::DataSource.SnowflakeParameters", "markdownDescription": "The parameters for Snowflake.", @@ -272635,7 +279786,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" }, @@ -272670,6 +279821,15 @@ ], "type": "object" }, + "AWS::QuickSight::DataSource.S3TablesParameters": { + "additionalProperties": false, + "properties": { + "TableBucketArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::QuickSight::DataSource.SnowflakeParameters": { "additionalProperties": false, "properties": { @@ -273100,7 +280260,7 @@ "additionalProperties": false, "properties": { "RefreshType": { - "markdownDescription": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *Quick Suite User Guide* .", + "markdownDescription": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *Quick User Guide* .", "title": "RefreshType", "type": "string" }, @@ -282883,7 +290043,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -286685,7 +293845,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -296681,7 +303841,13 @@ "type": "string" }, "Tags": { + "additionalProperties": true, "markdownDescription": "The list of all tags added to the fleet.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, "title": "Tags", "type": "object" } @@ -296764,7 +303930,13 @@ "type": "string" }, "Tags": { + "additionalProperties": true, "markdownDescription": "A map that contains tag keys and tag values that are attached to the robot.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, "title": "Tags", "type": "object" } @@ -296836,6 +304008,11 @@ "title": "CurrentRevisionId", "type": "string" }, + "Environment": { + "markdownDescription": "The environment of the robot application.", + "title": "Environment", + "type": "string" + }, "Name": { "markdownDescription": "The name of the robot application.", "title": "Name", @@ -296855,14 +304032,19 @@ "type": "array" }, "Tags": { + "additionalProperties": true, "markdownDescription": "A map that contains tag keys and tag values that are attached to the robot application.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, "title": "Tags", "type": "object" } }, "required": [ - "RobotSoftwareSuite", - "Sources" + "RobotSoftwareSuite" ], "type": "object" }, @@ -296902,8 +304084,7 @@ } }, "required": [ - "Name", - "Version" + "Name" ], "type": "object" }, @@ -297045,6 +304226,11 @@ "title": "CurrentRevisionId", "type": "string" }, + "Environment": { + "markdownDescription": "The environment of the simulation application.", + "title": "Environment", + "type": "string" + }, "Name": { "markdownDescription": "The name of the simulation application.", "title": "Name", @@ -297074,16 +304260,20 @@ "type": "array" }, "Tags": { + "additionalProperties": true, "markdownDescription": "A map that contains tag keys and tag values that are attached to the simulation application.", + "patternProperties": { + "^[a-zA-Z0-9]+$": { + "type": "string" + } + }, "title": "Tags", "type": "object" } }, "required": [ - "RenderingEngine", "RobotSoftwareSuite", - "SimulationSoftwareSuite", - "Sources" + "SimulationSoftwareSuite" ], "type": "object" }, @@ -297143,8 +304333,7 @@ } }, "required": [ - "Name", - "Version" + "Name" ], "type": "object" }, @@ -297163,8 +304352,7 @@ } }, "required": [ - "Name", - "Version" + "Name" ], "type": "object" }, @@ -298612,35 +305800,783 @@ "Properties": { "additionalProperties": false, "properties": { - "Comment": { - "markdownDescription": "*Optional:* Any comments you want to include about a change batch request.", - "title": "Comment", + "Comment": { + "markdownDescription": "*Optional:* Any comments you want to include about a change batch request.", + "title": "Comment", + "type": "string" + }, + "HostedZoneId": { + "markdownDescription": "The ID of the hosted zone that you want to create records in.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", + "title": "HostedZoneId", + "type": "string" + }, + "HostedZoneName": { + "markdownDescription": "The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.` ) as part of the `HostedZoneName` .\n\nWhen you create a stack using an `AWS::Route53::RecordSet` that specifies `HostedZoneName` , AWS CloudFormation attempts to find a hosted zone whose name matches the `HostedZoneName` . If AWS CloudFormation can't find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", + "title": "HostedZoneName", + "type": "string" + }, + "RecordSets": { + "items": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.RecordSet" + }, + "markdownDescription": "A complex type that contains one `RecordSet` element for each record that you want to create.", + "title": "RecordSets", + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53::RecordSetGroup" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::Route53::RecordSetGroup.AliasTarget": { + "additionalProperties": false, + "properties": { + "DNSName": { + "markdownDescription": "*Alias records only:* The value that you specify depends on where you want to route queries:\n\n- **Amazon API Gateway custom regional APIs and edge-optimized APIs** - Specify the applicable domain name for your API. You can get the applicable value using the AWS CLI command [get-domain-names](https://docs.aws.amazon.com/cli/latest/reference/apigateway/get-domain-names.html) :\n\n- For regional APIs, specify the value of `regionalDomainName` .\n- For edge-optimized APIs, specify the value of `distributionDomainName` . This is the name of the associated CloudFront distribution, such as `da1b2c3d4e5.cloudfront.net` .\n\n> The name of the record that you're creating must match a custom domain name for your API, such as `api.example.com` .\n- **Amazon Virtual Private Cloud interface VPC endpoint** - Enter the API endpoint for the interface endpoint, such as `vpce-123456789abcdef01-example-us-east-1a.elasticloadbalancing.us-east-1.vpce.amazonaws.com` . For edge-optimized APIs, this is the domain name for the corresponding CloudFront distribution. You can get the value of `DnsName` using the AWS CLI command [describe-vpc-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html) .\n- **CloudFront distribution** - Specify the domain name that CloudFront assigned when you created your distribution.\n\nYour CloudFront distribution must include an alternate domain name that matches the name of the record. For example, if the name of the record is *acme.example.com* , your CloudFront distribution must include *acme.example.com* as one of the alternate domain names. For more information, see [Using Alternate Domain Names (CNAMEs)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html) in the *Amazon CloudFront Developer Guide* .\n\nYou can't create a record in a private hosted zone to route traffic to a CloudFront distribution.\n\n> For failover alias records, you can't specify a CloudFront distribution for both the primary and secondary records. A distribution must include an alternate domain name that matches the name of the record. However, the primary and secondary records have the same name, and you can't include the same alternate domain name in more than one distribution.\n- **Elastic Beanstalk environment** - If the domain name for your Elastic Beanstalk environment includes the region that you deployed the environment in, you can create an alias record that routes traffic to the environment. For example, the domain name `my-environment. *us-west-2* .elasticbeanstalk.com` is a regionalized domain name.\n\n> For environments that were created before early 2016, the domain name doesn't include the region. To route traffic to these environments, you must create a CNAME record instead of an alias record. Note that you can't create a CNAME record for the root domain name. For example, if your domain name is example.com, you can create a record that routes traffic for acme.example.com to your Elastic Beanstalk environment, but you can't create a record that routes traffic for example.com to your Elastic Beanstalk environment. \n\nFor Elastic Beanstalk environments that have regionalized subdomains, specify the `CNAME` attribute for the environment. You can use the following methods to get the value of the CNAME attribute:\n\n- *AWS Management Console* : For information about how to get the value by using the console, see [Using Custom Domains with AWS Elastic Beanstalk](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html) in the *AWS Elastic Beanstalk Developer Guide* .\n- *Elastic Beanstalk API* : Use the `DescribeEnvironments` action to get the value of the `CNAME` attribute. For more information, see [DescribeEnvironments](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html) in the *AWS Elastic Beanstalk API Reference* .\n- *AWS CLI* : Use the `describe-environments` command to get the value of the `CNAME` attribute. For more information, see [describe-environments](https://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html) in the *AWS CLI* .\n- **ELB load balancer** - Specify the DNS name that is associated with the load balancer. Get the DNS name by using the AWS Management Console , the ELB API, or the AWS CLI .\n\n- *AWS Management Console* : Go to the EC2 page, choose *Load Balancers* in the navigation pane, choose the load balancer, choose the *Description* tab, and get the value of the *DNS name* field.\n\nIf you're routing traffic to a Classic Load Balancer, get the value that begins with *dualstack* . If you're routing traffic to another type of load balancer, get the value that applies to the record type, A or AAAA.\n- *Elastic Load Balancing API* : Use `DescribeLoadBalancers` to get the value of `DNSName` . For more information, see the applicable guide:\n\n- Classic Load Balancers: [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html)\n- Application and Network Load Balancers: [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html)\n- *CloudFormation Fn::GetAtt intrinsic function* : Use the [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) intrinsic function to get the value of `DNSName` :\n\n- [Classic Load Balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html#aws-properties-ec2-elb-return-values) .\n- [Application and Network Load Balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#aws-resource-elasticloadbalancingv2-loadbalancer-return-values) .\n- *AWS CLI* : Use `describe-load-balancers` to get the value of `DNSName` . For more information, see the applicable guide:\n\n- Classic Load Balancers: [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html)\n- Application and Network Load Balancers: [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html)\n- **Global Accelerator accelerator** - Specify the DNS name for your accelerator:\n\n- *Global Accelerator API* : To get the DNS name, use [DescribeAccelerator](https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeAccelerator.html) .\n- *AWS CLI* : To get the DNS name, use [describe-accelerator](https://docs.aws.amazon.com/cli/latest/reference/globalaccelerator/describe-accelerator.html) .\n- **Amazon S3 bucket that is configured as a static website** - Specify the domain name of the Amazon S3 website endpoint that you created the bucket in, for example, `s3-website.us-east-2.amazonaws.com` . For more information about valid values, see the table [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints) in the *Amazon Web Services General Reference* . For more information about using S3 buckets for websites, see [Getting Started with Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/getting-started.html) in the *Amazon Route 53 Developer Guide.*\n- **Another Route 53 record** - Specify the value of the `Name` element for a record in the current hosted zone.\n\n> If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't specify the domain name for a record for which the value of `Type` is `CNAME` . This is because the alias record must have the same type as the record that you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.", + "title": "DNSName", + "type": "string" + }, + "EvaluateTargetHealth": { + "markdownDescription": "*Applies only to alias records with any routing policy:* When `EvaluateTargetHealth` is `true` , an alias record inherits the health of the referenced AWS resource, such as an ELB load balancer or another record in the hosted zone.\n\nNote the following:\n\n- **CloudFront distributions** - You can't set `EvaluateTargetHealth` to `true` when the alias target is a CloudFront distribution.\n- **Elastic Beanstalk environments that have regionalized subdomains** - If you specify an Elastic Beanstalk environment in `DNSName` and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set `EvaluateTargetHealth` to `true` and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.\n\nIf the environment contains a single Amazon EC2 instance, there are no special requirements.\n- **ELB load balancers** - Health checking behavior depends on the type of load balancer:\n\n- *Classic Load Balancers* : If you specify an ELB Classic Load Balancer in `DNSName` , Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set `EvaluateTargetHealth` to `true` and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.\n- *Application and Network Load Balancers* : If you specify an ELB Application or Network Load Balancer and you set `EvaluateTargetHealth` to `true` , Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:\n\n- For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.\n- A target group that has no registered targets is considered unhealthy.\n\n> When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.\n- **S3 buckets** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an S3 bucket.\n- **Other records in the same hosted zone** - If the AWS resource that you specify in `DNSName` is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see [What Happens When You Omit Health Checks?](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting) in the *Amazon Route 53 Developer Guide* .\n\nFor more information and examples, see [Amazon Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) in the *Amazon Route 53 Developer Guide* .", + "title": "EvaluateTargetHealth", + "type": "boolean" + }, + "HostedZoneId": { + "markdownDescription": "*Alias resource records sets only* : The value used depends on where you want to route traffic:\n\n- **Amazon API Gateway custom regional APIs and edge-optimized APIs** - Specify the hosted zone ID for your API. You can get the applicable value using the AWS CLI command [get-domain-names](https://docs.aws.amazon.com/cli/latest/reference/apigateway/get-domain-names.html) :\n\n- For regional APIs, specify the value of `regionalHostedZoneId` .\n- For edge-optimized APIs, specify the value of `distributionHostedZoneId` .\n- **Amazon Virtual Private Cloud interface VPC endpoint** - Specify the hosted zone ID for your interface endpoint. You can get the value of `HostedZoneId` using the AWS CLI command [describe-vpc-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html) .\n- **CloudFront distribution** - Specify `Z2FDTNDATAQYW2` . This is always the hosted zone ID when you create an alias record that routes traffic to a CloudFront distribution.\n\n> Alias records for CloudFront can't be created in a private zone.\n- **Elastic Beanstalk environment** - Specify the hosted zone ID for the region that you created the environment in. The environment must have a regionalized subdomain. For a list of regions and the corresponding hosted zone IDs, see [AWS Elastic Beanstalk endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html) in the *Amazon Web Services General Reference* .\n- **ELB load balancer** - Specify the value of the hosted zone ID for the load balancer. Use the following methods to get the hosted zone ID:\n\n- [Service Endpoints](https://docs.aws.amazon.com/general/latest/gr/elb.html) table in the \"Elastic Load Balancing endpoints and quotas\" topic in the *Amazon Web Services General Reference* : Use the value that corresponds with the region that you created your load balancer in. Note that there are separate columns for Application and Classic Load Balancers and for Network Load Balancers.\n- *AWS Management Console* : Go to the Amazon EC2 page, choose *Load Balancers* in the navigation pane, select the load balancer, and get the value of the *Hosted zone* field on the *Description* tab.\n- *Elastic Load Balancing API* : Use `DescribeLoadBalancers` to get the applicable value. For more information, see the applicable guide:\n\n- Classic Load Balancers: Use [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html) to get the value of `CanonicalHostedZoneNameID` .\n- Application and Network Load Balancers: Use [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) to get the value of `CanonicalHostedZoneID` .\n- *CloudFormation Fn::GetAtt intrinsic function* : Use the [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) intrinsic function to get the applicable value:\n\n- Classic Load Balancers: Get [CanonicalHostedZoneNameID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html#aws-properties-ec2-elb-return-values) .\n- Application and Network Load Balancers: Get [CanonicalHostedZoneID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#aws-resource-elasticloadbalancingv2-loadbalancer-return-values) .\n- *AWS CLI* : Use `describe-load-balancers` to get the applicable value. For more information, see the applicable guide:\n\n- Classic Load Balancers: Use [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html) to get the value of `CanonicalHostedZoneNameID` .\n- Application and Network Load Balancers: Use [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html) to get the value of `CanonicalHostedZoneID` .\n- **Global Accelerator accelerator** - Specify `Z2BJ6XQ5FK7U4H` .\n- **An Amazon S3 bucket configured as a static website** - Specify the hosted zone ID for the region that you created the bucket in. For more information about valid values, see the table [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints) in the *Amazon Web Services General Reference* .\n- **Another Route 53 record in your hosted zone** - Specify the hosted zone ID of your hosted zone. (An alias record can't reference a record in a different hosted zone.)", + "title": "HostedZoneId", + "type": "string" + } + }, + "required": [ + "DNSName", + "HostedZoneId" + ], + "type": "object" + }, + "AWS::Route53::RecordSetGroup.CidrRoutingConfig": { + "additionalProperties": false, + "properties": { + "CollectionId": { + "markdownDescription": "The CIDR collection ID.", + "title": "CollectionId", + "type": "string" + }, + "LocationName": { + "markdownDescription": "The CIDR collection location name.", + "title": "LocationName", + "type": "string" + } + }, + "required": [ + "CollectionId", + "LocationName" + ], + "type": "object" + }, + "AWS::Route53::RecordSetGroup.Coordinates": { + "additionalProperties": false, + "properties": { + "Latitude": { + "markdownDescription": "Specifies a coordinate of the north\u2013south position of a geographic point on the surface of the Earth (-90 - 90).", + "title": "Latitude", + "type": "string" + }, + "Longitude": { + "markdownDescription": "Specifies a coordinate of the east\u2013west position of a geographic point on the surface of the Earth (-180 - 180).", + "title": "Longitude", + "type": "string" + } + }, + "required": [ + "Latitude", + "Longitude" + ], + "type": "object" + }, + "AWS::Route53::RecordSetGroup.GeoLocation": { + "additionalProperties": false, + "properties": { + "ContinentCode": { + "markdownDescription": "For geolocation resource record sets, a two-letter abbreviation that identifies a continent. Route 53 supports the following continent codes:\n\n- *AF* : Africa\n- *AN* : Antarctica\n- *AS* : Asia\n- *EU* : Europe\n- *OC* : Oceania\n- *NA* : North America\n- *SA* : South America\n\nConstraint: Specifying `ContinentCode` with either `CountryCode` or `SubdivisionCode` returns an `InvalidInput` error.", + "title": "ContinentCode", + "type": "string" + }, + "CountryCode": { + "markdownDescription": "For geolocation resource record sets, the two-letter code for a country.\n\nRoute 53 uses the two-letter country codes that are specified in [ISO standard 3166-1 alpha-2](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) .", + "title": "CountryCode", + "type": "string" + }, + "SubdivisionCode": { + "markdownDescription": "For geolocation resource record sets, the two-letter code for a state of the United States. Route 53 doesn't support any other values for `SubdivisionCode` . For a list of state abbreviations, see [Appendix B: Two\u2013Letter State and Possession Abbreviations](https://docs.aws.amazon.com/https://pe.usps.com/text/pub28/28apb.htm) on the United States Postal Service website.\n\nIf you specify `subdivisioncode` , you must also specify `US` for `CountryCode` .", + "title": "SubdivisionCode", + "type": "string" + } + }, + "type": "object" + }, + "AWS::Route53::RecordSetGroup.GeoProximityLocation": { + "additionalProperties": false, + "properties": { + "AWSRegion": { + "markdownDescription": "The AWS Region the resource you are directing DNS traffic to, is in.", + "title": "AWSRegion", + "type": "string" + }, + "Bias": { + "markdownDescription": "The bias increases or decreases the size of the geographic region from which Route\u00a053 routes traffic to a resource.\n\nTo use `Bias` to change the size of the geographic region, specify the applicable value for the bias:\n\n- To expand the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a positive integer from 1 to 99 for the bias. Route\u00a053 shrinks the size of adjacent regions.\n- To shrink the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a negative bias of -1 to -99. Route\u00a053 expands the size of adjacent regions.", + "title": "Bias", + "type": "number" + }, + "Coordinates": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.Coordinates", + "markdownDescription": "Contains the longitude and latitude for a geographic region.", + "title": "Coordinates" + }, + "LocalZoneGroup": { + "markdownDescription": "Specifies an AWS Local Zone Group.\n\nA local Zone Group is usually the Local Zone code without the ending character. For example, if the Local Zone is `us-east-1-bue-1a` the Local Zone Group is `us-east-1-bue-1` .\n\nYou can identify the Local Zones Group for a specific Local Zone by using the [describe-availability-zones](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-availability-zones.html) CLI command:\n\nThis command returns: `\"GroupName\": \"us-west-2-den-1\"` , specifying that the Local Zone `us-west-2-den-1a` belongs to the Local Zone Group `us-west-2-den-1` .", + "title": "LocalZoneGroup", + "type": "string" + } + }, + "type": "object" + }, + "AWS::Route53::RecordSetGroup.RecordSet": { + "additionalProperties": false, + "properties": { + "AliasTarget": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.AliasTarget", + "markdownDescription": "*Alias resource record sets only:* Information about the AWS resource, such as a CloudFront distribution or an Amazon S3 bucket, that you want to route traffic to.\n\nIf you're creating resource records sets for a private hosted zone, note the following:\n\n- You can't create an alias resource record set in a private hosted zone to route traffic to a CloudFront distribution.\n- For information about creating failover resource record sets in a private hosted zone, see [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html) in the *Amazon Route 53 Developer Guide* .", + "title": "AliasTarget" + }, + "CidrRoutingConfig": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.CidrRoutingConfig", + "markdownDescription": "", + "title": "CidrRoutingConfig" + }, + "Failover": { + "markdownDescription": "*Failover resource record sets only:* To configure failover, you add the `Failover` element to two resource record sets. For one resource record set, you specify `PRIMARY` as the value for `Failover` ; for the other resource record set, you specify `SECONDARY` . In addition, you include the `HealthCheckId` element and specify the health check that you want Amazon Route 53 to perform for each resource record set.\n\nExcept where noted, the following failover behaviors assume that you have included the `HealthCheckId` element in both resource record sets:\n\n- When the primary resource record set is healthy, Route 53 responds to DNS queries with the applicable value from the primary resource record set regardless of the health of the secondary resource record set.\n- When the primary resource record set is unhealthy and the secondary resource record set is healthy, Route 53 responds to DNS queries with the applicable value from the secondary resource record set.\n- When the secondary resource record set is unhealthy, Route 53 responds to DNS queries with the applicable value from the primary resource record set regardless of the health of the primary resource record set.\n- If you omit the `HealthCheckId` element for the secondary resource record set, and if the primary resource record set is unhealthy, Route 53 always responds to DNS queries with the applicable value from the secondary resource record set. This is true regardless of the health of the associated endpoint.\n\nYou can't create non-failover resource record sets that have the same values for the `Name` and `Type` elements as failover resource record sets.\n\nFor failover alias resource record sets, you must also include the `EvaluateTargetHealth` element and set the value to true.\n\nFor more information about configuring failover for Route 53, see the following topics in the *Amazon Route 53 Developer Guide* :\n\n- [Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)\n- [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)", + "title": "Failover", + "type": "string" + }, + "GeoLocation": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.GeoLocation", + "markdownDescription": "*Geolocation resource record sets only:* A complex type that lets you control how Amazon Route 53 responds to DNS queries based on the geographic origin of the query. For example, if you want all queries from Africa to be routed to a web server with an IP address of `192.0.2.111` , create a resource record set with a `Type` of `A` and a `ContinentCode` of `AF` .\n\nIf you create separate resource record sets for overlapping geographic regions (for example, one resource record set for a continent and one for a country on the same continent), priority goes to the smallest geographic region. This allows you to route most queries for a continent to one resource and to route queries for a country on that continent to a different resource.\n\nYou can't create two geolocation resource record sets that specify the same geographic location.\n\nThe value `*` in the `CountryCode` element matches all geographic locations that aren't specified in other geolocation resource record sets that have the same values for the `Name` and `Type` elements.\n\n> Geolocation works by mapping IP addresses to locations. However, some IP addresses aren't mapped to geographic locations, so even if you create geolocation resource record sets that cover all seven continents, Route 53 will receive some DNS queries from locations that it can't identify. We recommend that you create a resource record set for which the value of `CountryCode` is `*` . Two groups of queries are routed to the resource that you specify in this record: queries that come from locations for which you haven't created geolocation resource record sets and queries from IP addresses that aren't mapped to a location. If you don't create a `*` resource record set, Route 53 returns a \"no answer\" response for queries from those locations. \n\nYou can't create non-geolocation resource record sets that have the same values for the `Name` and `Type` elements as geolocation resource record sets.", + "title": "GeoLocation" + }, + "GeoProximityLocation": { + "$ref": "#/definitions/AWS::Route53::RecordSetGroup.GeoProximityLocation", + "markdownDescription": "A complex type that contains information about a geographic location.", + "title": "GeoProximityLocation" + }, + "HealthCheckId": { + "markdownDescription": "If you want Amazon Route 53 to return this resource record set in response to a DNS query only when the status of a health check is healthy, include the `HealthCheckId` element and specify the ID of the applicable health check.\n\nRoute 53 determines whether a resource record set is healthy based on one of the following:\n\n- By periodically sending a request to the endpoint that is specified in the health check\n- By aggregating the status of a specified group of health checks (calculated health checks)\n- By determining the current state of a CloudWatch alarm (CloudWatch metric health checks)\n\n> Route 53 doesn't check the health of the endpoint that is specified in the resource record set, for example, the endpoint specified by the IP address in the `Value` element. When you add a `HealthCheckId` element to a resource record set, Route 53 checks the health of the endpoint that you specified in the health check. \n\nFor more information, see the following topics in the *Amazon Route 53 Developer Guide* :\n\n- [How Amazon Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html)\n- [Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)\n- [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)\n\n*When to Specify HealthCheckId*\n\nSpecifying a value for `HealthCheckId` is useful only when Route 53 is choosing between two or more resource record sets to respond to a DNS query, and you want Route 53 to base the choice in part on the status of a health check. Configuring health checks makes sense only in the following configurations:\n\n- *Non-alias resource record sets* : You're checking the health of a group of non-alias resource record sets that have the same routing policy, name, and type (such as multiple weighted records named www.example.com with a type of A) and you specify health check IDs for all the resource record sets.\n\nIf the health check status for a resource record set is healthy, Route 53 includes the record among the records that it responds to DNS queries with.\n\nIf the health check status for a resource record set is unhealthy, Route 53 stops responding to DNS queries using the value for that resource record set.\n\nIf the health check status for all resource record sets in the group is unhealthy, Route 53 considers all resource record sets in the group healthy and responds to DNS queries accordingly.\n- *Alias resource record sets* : You specify the following settings:\n\n- You set `EvaluateTargetHealth` to true for an alias resource record set in a group of resource record sets that have the same routing policy, name, and type (such as multiple weighted records named www.example.com with a type of A).\n- You configure the alias resource record set to route traffic to a non-alias resource record set in the same hosted zone.\n- You specify a health check ID for the non-alias resource record set.\n\nIf the health check status is healthy, Route 53 considers the alias resource record set to be healthy and includes the alias record among the records that it responds to DNS queries with.\n\nIf the health check status is unhealthy, Route 53 stops responding to DNS queries using the alias resource record set.\n\n> The alias resource record set can also route traffic to a *group* of non-alias resource record sets that have the same routing policy, name, and type. In that configuration, associate health checks with all of the resource record sets in the group of non-alias resource record sets.\n\n*Geolocation Routing*\n\nFor geolocation resource record sets, if an endpoint is unhealthy, Route 53 looks for a resource record set for the larger, associated geographic region. For example, suppose you have resource record sets for a state in the United States, for the entire United States, for North America, and a resource record set that has `*` for `CountryCode` is `*` , which applies to all locations. If the endpoint for the state resource record set is unhealthy, Route 53 checks for healthy resource record sets in the following order until it finds a resource record set for which the endpoint is healthy:\n\n- The United States\n- North America\n- The default resource record set\n\n*Specifying the Health Check Endpoint by Domain Name*\n\nIf your health checks specify the endpoint only by domain name, we recommend that you create a separate health check for each endpoint. For example, create a health check for each `HTTP` server that is serving content for `www.example.com` . For the value of `FullyQualifiedDomainName` , specify the domain name of the server (such as `us-east-2-www.example.com` ), not the name of the resource record sets ( `www.example.com` ).\n\n> Health check results will be unpredictable if you do the following:\n> \n> - Create a health check that has the same value for `FullyQualifiedDomainName` as the name of a resource record set.\n> - Associate that health check with the resource record set.", + "title": "HealthCheckId", + "type": "string" + }, + "HostedZoneId": { + "markdownDescription": "The ID of the hosted zone that you want to create records in.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .\n\nDo not provide the `HostedZoneId` if it is already defined in `AWS::Route53::RecordSetGroup` . The creation fails if `HostedZoneId` is defined in both.", + "title": "HostedZoneId", + "type": "string" + }, + "HostedZoneName": { + "markdownDescription": "The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.` ) as part of the `HostedZoneName` .\n\nWhen you create a stack using an `AWS::Route53::RecordSet` that specifies `HostedZoneName` , AWS CloudFormation attempts to find a hosted zone whose name matches the `HostedZoneName` . If AWS CloudFormation can't find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", + "title": "HostedZoneName", + "type": "string" + }, + "MultiValueAnswer": { + "markdownDescription": "*Multivalue answer resource record sets only* : To route traffic approximately randomly to multiple resources, such as web servers, create one multivalue answer record for each resource and specify `true` for `MultiValueAnswer` . Note the following:\n\n- If you associate a health check with a multivalue answer resource record set, Amazon Route 53 responds to DNS queries with the corresponding IP address only when the health check is healthy.\n- If you don't associate a health check with a multivalue answer record, Route 53 always considers the record to be healthy.\n- Route 53 responds to DNS queries with up to eight healthy records; if you have eight or fewer healthy records, Route 53 responds to all DNS queries with all the healthy records.\n- If you have more than eight healthy records, Route 53 responds to different DNS resolvers with different combinations of healthy records.\n- When all records are unhealthy, Route 53 responds to DNS queries with up to eight unhealthy records.\n- If a resource becomes unavailable after a resolver caches a response, client software typically tries another of the IP addresses in the response.\n\nYou can't create multivalue answer alias records.", + "title": "MultiValueAnswer", + "type": "boolean" + }, + "Name": { + "markdownDescription": "The name of the record that you want to create, update, or delete.\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", + "title": "Name", + "type": "string" + }, + "Region": { + "markdownDescription": "*Latency-based resource record sets only:* The Amazon EC2 Region where you created the resource that this resource record set refers to. The resource typically is an AWS resource, such as an EC2 instance or an ELB load balancer, and is referred to by an IP address or a DNS domain name, depending on the record type.\n\nWhen Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 Region. Route 53 then returns the value that is associated with the selected resource record set.\n\nNote the following:\n\n- You can only specify one `ResourceRecord` per latency resource record set.\n- You can only create one latency resource record set for each Amazon EC2 Region.\n- You aren't required to create latency resource record sets for all Amazon EC2 Regions. Route 53 will choose the region with the best latency from among the regions that you create latency resource record sets for.\n- You can't create non-latency resource record sets that have the same values for the `Name` and `Type` elements as latency resource record sets.", + "title": "Region", + "type": "string" + }, + "ResourceRecords": { + "items": { + "type": "string" + }, + "markdownDescription": "Information about the records that you want to create. Each record should be in the format appropriate for the record type specified by the `Type` property. For information about different record types and their record formats, see [Values That You Specify When You Create or Edit Amazon Route 53 Records](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html) in the *Amazon Route 53 Developer Guide* .", + "title": "ResourceRecords", + "type": "array" + }, + "SetIdentifier": { + "markdownDescription": "*Resource record sets that have a routing policy other than simple:* An identifier that differentiates among multiple resource record sets that have the same combination of name and type, such as multiple weighted resource record sets named acme.example.com that have a type of A. In a group of resource record sets that have the same name and type, the value of `SetIdentifier` must be unique for each resource record set.\n\nFor information about routing policies, see [Choosing a Routing Policy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) in the *Amazon Route 53 Developer Guide* .", + "title": "SetIdentifier", + "type": "string" + }, + "TTL": { + "markdownDescription": "The resource record cache time to live (TTL), in seconds. Note the following:\n\n- If you're creating or updating an alias resource record set, omit `TTL` . Amazon Route 53 uses the value of `TTL` for the alias target.\n- If you're associating this resource record set with a health check (if you're adding a `HealthCheckId` element), we recommend that you specify a `TTL` of 60 seconds or less so clients respond quickly to changes in health status.\n- All of the resource record sets in a group of weighted resource record sets must have the same value for `TTL` .\n- If a group of weighted resource record sets includes one or more weighted alias resource record sets for which the alias target is an ELB load balancer, we recommend that you specify a `TTL` of 60 seconds for all of the non-alias weighted resource record sets that have the same name and type. Values other than 60 seconds (the TTL for load balancers) will change the effect of the values that you specify for `Weight` .", + "title": "TTL", + "type": "string" + }, + "Type": { + "markdownDescription": "The DNS record type. For information about different record types and how data is encoded for them, see [Supported DNS Resource Record Types](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html) in the *Amazon Route 53 Developer Guide* .\n\nValid values for basic resource record sets: `A` | `AAAA` | `CAA` | `CNAME` | `DS` | `MX` | `NAPTR` | `NS` | `PTR` | `SOA` | `SPF` | `SRV` | `TXT` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS`\n\nValues for weighted, latency, geolocation, and failover resource record sets: `A` | `AAAA` | `CAA` | `CNAME` | `MX` | `NAPTR` | `PTR` | `SPF` | `SRV` | `TXT` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS` . When creating a group of weighted, latency, geolocation, or failover resource record sets, specify the same value for all of the resource record sets in the group.\n\nValid values for multivalue answer resource record sets: `A` | `AAAA` | `MX` | `NAPTR` | `PTR` | `SPF` | `SRV` | `TXT` | `CAA` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS`\n\n> SPF records were formerly used to verify the identity of the sender of email messages. However, we no longer recommend that you create resource record sets for which the value of `Type` is `SPF` . RFC 7208, *Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1* , has been updated to say, \"...[I]ts existence and mechanism defined in [RFC4408] have led to some interoperability issues. Accordingly, its use is no longer appropriate for SPF version 1; implementations are not to use it.\" In RFC 7208, see section 14.1, [The SPF DNS Record Type](https://docs.aws.amazon.com/http://tools.ietf.org/html/rfc7208#section-14.1) . \n\nValues for alias resource record sets:\n\n- *Amazon API Gateway custom regional APIs and edge-optimized APIs:* `A`\n- *CloudFront distributions:* `A`\n\nIf IPv6 is enabled for the distribution, create two resource record sets to route traffic to your distribution, one with a value of `A` and one with a value of `AAAA` .\n- *Amazon API Gateway environment that has a regionalized subdomain* : `A`\n- *ELB load balancers:* `A` | `AAAA`\n- *Amazon S3 buckets:* `A`\n- *Amazon Virtual Private Cloud interface VPC endpoints* `A`\n- *Another resource record set in this hosted zone:* Specify the type of the resource record set that you're creating the alias for. All values are supported except `NS` and `SOA` .\n\n> If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't route traffic to a record for which the value of `Type` is `CNAME` . This is because the alias record must have the same type as the record you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.", + "title": "Type", + "type": "string" + }, + "Weight": { + "markdownDescription": "*Weighted resource record sets only:* Among resource record sets that have the same combination of DNS name and type, a value that determines the proportion of DNS queries that Amazon Route 53 responds to using the current resource record set. Route 53 calculates the sum of the weights for the resource record sets that have the same combination of DNS name and type. Route 53 then responds to queries based on the ratio of a resource's weight to the total. Note the following:\n\n- You must specify a value for the `Weight` element for every weighted resource record set.\n- You can only specify one `ResourceRecord` per weighted resource record set.\n- You can't create latency, failover, or geolocation resource record sets that have the same values for the `Name` and `Type` elements as weighted resource record sets.\n- You can create a maximum of 100 weighted resource record sets that have the same values for the `Name` and `Type` elements.\n- For weighted (but not weighted alias) resource record sets, if you set `Weight` to `0` for a resource record set, Route 53 never responds to queries with the applicable value for that resource record set. However, if you set `Weight` to `0` for all resource record sets that have the same combination of DNS name and type, traffic is routed to all resources with equal probability.\n\nThe effect of setting `Weight` to `0` is different when you associate health checks with weighted resource record sets. For more information, see [Options for Configuring Route 53 Active-Active and Active-Passive Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html) in the *Amazon Route 53 Developer Guide* .", + "title": "Weight", + "type": "number" + } + }, + "required": [ + "Name", + "Type" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::AccessSource": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Cidr": { + "type": "string" + }, + "ClientToken": { + "type": "string" + }, + "DnsViewId": { + "type": "string" + }, + "IpAddressType": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Protocol": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Cidr", + "DnsViewId", + "Protocol" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53GlobalResolver::AccessSource" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::AccessToken": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ClientToken": { + "type": "string" + }, + "DnsViewId": { + "type": "string" + }, + "ExpiresAt": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "DnsViewId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53GlobalResolver::AccessToken" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::DnsView": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ClientToken": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "DnssecValidation": { + "type": "string" + }, + "EdnsClientSubnet": { + "type": "string" + }, + "FirewallRulesFailOpen": { + "type": "string" + }, + "GlobalResolverId": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "GlobalResolverId", + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53GlobalResolver::DnsView" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::FirewallDomainList": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ClientToken": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "DomainFileUrl": { + "type": "string" + }, + "Domains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "GlobalResolverId": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "GlobalResolverId", + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53GlobalResolver::FirewallDomainList" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::FirewallRule": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Action": { + "type": "string" + }, + "BlockOverrideDnsType": { + "type": "string" + }, + "BlockOverrideDomain": { + "type": "string" + }, + "BlockOverrideTtl": { + "type": "number" + }, + "BlockResponse": { + "type": "string" + }, + "ClientToken": { + "type": "string" + }, + "ConfidenceThreshold": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "DnsAdvancedProtection": { + "type": "string" + }, + "DnsViewId": { + "type": "string" + }, + "FirewallDomainListId": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Priority": { + "type": "number" + }, + "QType": { + "type": "string" + } + }, + "required": [ + "Action", + "DnsViewId", + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Route53GlobalResolver::FirewallRule" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Route53GlobalResolver::GlobalResolver": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ClientToken": { "type": "string" }, - "HostedZoneId": { - "markdownDescription": "The ID of the hosted zone that you want to create records in.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", - "title": "HostedZoneId", + "Description": { "type": "string" }, - "HostedZoneName": { - "markdownDescription": "The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.` ) as part of the `HostedZoneName` .\n\nWhen you create a stack using an `AWS::Route53::RecordSet` that specifies `HostedZoneName` , AWS CloudFormation attempts to find a hosted zone whose name matches the `HostedZoneName` . If AWS CloudFormation can't find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", - "title": "HostedZoneName", + "IpAddressType": { "type": "string" }, - "RecordSets": { + "Name": { + "type": "string" + }, + "ObservabilityRegion": { + "type": "string" + }, + "Regions": { "items": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.RecordSet" + "type": "string" + }, + "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" }, - "markdownDescription": "A complex type that contains one `RecordSet` element for each record that you want to create.", - "title": "RecordSets", "type": "array" } }, + "required": [ + "Name", + "Regions" + ], "type": "object" }, "Type": { "enum": [ - "AWS::Route53::RecordSetGroup" + "AWS::Route53GlobalResolver::GlobalResolver" ], "type": "string" }, @@ -298654,212 +306590,81 @@ } }, "required": [ - "Type" - ], - "type": "object" - }, - "AWS::Route53::RecordSetGroup.AliasTarget": { - "additionalProperties": false, - "properties": { - "DNSName": { - "markdownDescription": "*Alias records only:* The value that you specify depends on where you want to route queries:\n\n- **Amazon API Gateway custom regional APIs and edge-optimized APIs** - Specify the applicable domain name for your API. You can get the applicable value using the AWS CLI command [get-domain-names](https://docs.aws.amazon.com/cli/latest/reference/apigateway/get-domain-names.html) :\n\n- For regional APIs, specify the value of `regionalDomainName` .\n- For edge-optimized APIs, specify the value of `distributionDomainName` . This is the name of the associated CloudFront distribution, such as `da1b2c3d4e5.cloudfront.net` .\n\n> The name of the record that you're creating must match a custom domain name for your API, such as `api.example.com` .\n- **Amazon Virtual Private Cloud interface VPC endpoint** - Enter the API endpoint for the interface endpoint, such as `vpce-123456789abcdef01-example-us-east-1a.elasticloadbalancing.us-east-1.vpce.amazonaws.com` . For edge-optimized APIs, this is the domain name for the corresponding CloudFront distribution. You can get the value of `DnsName` using the AWS CLI command [describe-vpc-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html) .\n- **CloudFront distribution** - Specify the domain name that CloudFront assigned when you created your distribution.\n\nYour CloudFront distribution must include an alternate domain name that matches the name of the record. For example, if the name of the record is *acme.example.com* , your CloudFront distribution must include *acme.example.com* as one of the alternate domain names. For more information, see [Using Alternate Domain Names (CNAMEs)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html) in the *Amazon CloudFront Developer Guide* .\n\nYou can't create a record in a private hosted zone to route traffic to a CloudFront distribution.\n\n> For failover alias records, you can't specify a CloudFront distribution for both the primary and secondary records. A distribution must include an alternate domain name that matches the name of the record. However, the primary and secondary records have the same name, and you can't include the same alternate domain name in more than one distribution.\n- **Elastic Beanstalk environment** - If the domain name for your Elastic Beanstalk environment includes the region that you deployed the environment in, you can create an alias record that routes traffic to the environment. For example, the domain name `my-environment. *us-west-2* .elasticbeanstalk.com` is a regionalized domain name.\n\n> For environments that were created before early 2016, the domain name doesn't include the region. To route traffic to these environments, you must create a CNAME record instead of an alias record. Note that you can't create a CNAME record for the root domain name. For example, if your domain name is example.com, you can create a record that routes traffic for acme.example.com to your Elastic Beanstalk environment, but you can't create a record that routes traffic for example.com to your Elastic Beanstalk environment. \n\nFor Elastic Beanstalk environments that have regionalized subdomains, specify the `CNAME` attribute for the environment. You can use the following methods to get the value of the CNAME attribute:\n\n- *AWS Management Console* : For information about how to get the value by using the console, see [Using Custom Domains with AWS Elastic Beanstalk](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html) in the *AWS Elastic Beanstalk Developer Guide* .\n- *Elastic Beanstalk API* : Use the `DescribeEnvironments` action to get the value of the `CNAME` attribute. For more information, see [DescribeEnvironments](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html) in the *AWS Elastic Beanstalk API Reference* .\n- *AWS CLI* : Use the `describe-environments` command to get the value of the `CNAME` attribute. For more information, see [describe-environments](https://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html) in the *AWS CLI* .\n- **ELB load balancer** - Specify the DNS name that is associated with the load balancer. Get the DNS name by using the AWS Management Console , the ELB API, or the AWS CLI .\n\n- *AWS Management Console* : Go to the EC2 page, choose *Load Balancers* in the navigation pane, choose the load balancer, choose the *Description* tab, and get the value of the *DNS name* field.\n\nIf you're routing traffic to a Classic Load Balancer, get the value that begins with *dualstack* . If you're routing traffic to another type of load balancer, get the value that applies to the record type, A or AAAA.\n- *Elastic Load Balancing API* : Use `DescribeLoadBalancers` to get the value of `DNSName` . For more information, see the applicable guide:\n\n- Classic Load Balancers: [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html)\n- Application and Network Load Balancers: [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html)\n- *CloudFormation Fn::GetAtt intrinsic function* : Use the [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) intrinsic function to get the value of `DNSName` :\n\n- [Classic Load Balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html#aws-properties-ec2-elb-return-values) .\n- [Application and Network Load Balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#aws-resource-elasticloadbalancingv2-loadbalancer-return-values) .\n- *AWS CLI* : Use `describe-load-balancers` to get the value of `DNSName` . For more information, see the applicable guide:\n\n- Classic Load Balancers: [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html)\n- Application and Network Load Balancers: [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html)\n- **Global Accelerator accelerator** - Specify the DNS name for your accelerator:\n\n- *Global Accelerator API* : To get the DNS name, use [DescribeAccelerator](https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeAccelerator.html) .\n- *AWS CLI* : To get the DNS name, use [describe-accelerator](https://docs.aws.amazon.com/cli/latest/reference/globalaccelerator/describe-accelerator.html) .\n- **Amazon S3 bucket that is configured as a static website** - Specify the domain name of the Amazon S3 website endpoint that you created the bucket in, for example, `s3-website.us-east-2.amazonaws.com` . For more information about valid values, see the table [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints) in the *Amazon Web Services General Reference* . For more information about using S3 buckets for websites, see [Getting Started with Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/getting-started.html) in the *Amazon Route 53 Developer Guide.*\n- **Another Route 53 record** - Specify the value of the `Name` element for a record in the current hosted zone.\n\n> If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't specify the domain name for a record for which the value of `Type` is `CNAME` . This is because the alias record must have the same type as the record that you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.", - "title": "DNSName", - "type": "string" - }, - "EvaluateTargetHealth": { - "markdownDescription": "*Applies only to alias records with any routing policy:* When `EvaluateTargetHealth` is `true` , an alias record inherits the health of the referenced AWS resource, such as an ELB load balancer or another record in the hosted zone.\n\nNote the following:\n\n- **CloudFront distributions** - You can't set `EvaluateTargetHealth` to `true` when the alias target is a CloudFront distribution.\n- **Elastic Beanstalk environments that have regionalized subdomains** - If you specify an Elastic Beanstalk environment in `DNSName` and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set `EvaluateTargetHealth` to `true` and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.\n\nIf the environment contains a single Amazon EC2 instance, there are no special requirements.\n- **ELB load balancers** - Health checking behavior depends on the type of load balancer:\n\n- *Classic Load Balancers* : If you specify an ELB Classic Load Balancer in `DNSName` , Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set `EvaluateTargetHealth` to `true` and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.\n- *Application and Network Load Balancers* : If you specify an ELB Application or Network Load Balancer and you set `EvaluateTargetHealth` to `true` , Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:\n\n- For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.\n- A target group that has no registered targets is considered unhealthy.\n\n> When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.\n- **S3 buckets** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an S3 bucket.\n- **Other records in the same hosted zone** - If the AWS resource that you specify in `DNSName` is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see [What Happens When You Omit Health Checks?](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting) in the *Amazon Route 53 Developer Guide* .\n\nFor more information and examples, see [Amazon Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) in the *Amazon Route 53 Developer Guide* .", - "title": "EvaluateTargetHealth", - "type": "boolean" - }, - "HostedZoneId": { - "markdownDescription": "*Alias resource records sets only* : The value used depends on where you want to route traffic:\n\n- **Amazon API Gateway custom regional APIs and edge-optimized APIs** - Specify the hosted zone ID for your API. You can get the applicable value using the AWS CLI command [get-domain-names](https://docs.aws.amazon.com/cli/latest/reference/apigateway/get-domain-names.html) :\n\n- For regional APIs, specify the value of `regionalHostedZoneId` .\n- For edge-optimized APIs, specify the value of `distributionHostedZoneId` .\n- **Amazon Virtual Private Cloud interface VPC endpoint** - Specify the hosted zone ID for your interface endpoint. You can get the value of `HostedZoneId` using the AWS CLI command [describe-vpc-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html) .\n- **CloudFront distribution** - Specify `Z2FDTNDATAQYW2` . This is always the hosted zone ID when you create an alias record that routes traffic to a CloudFront distribution.\n\n> Alias records for CloudFront can't be created in a private zone.\n- **Elastic Beanstalk environment** - Specify the hosted zone ID for the region that you created the environment in. The environment must have a regionalized subdomain. For a list of regions and the corresponding hosted zone IDs, see [AWS Elastic Beanstalk endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html) in the *Amazon Web Services General Reference* .\n- **ELB load balancer** - Specify the value of the hosted zone ID for the load balancer. Use the following methods to get the hosted zone ID:\n\n- [Service Endpoints](https://docs.aws.amazon.com/general/latest/gr/elb.html) table in the \"Elastic Load Balancing endpoints and quotas\" topic in the *Amazon Web Services General Reference* : Use the value that corresponds with the region that you created your load balancer in. Note that there are separate columns for Application and Classic Load Balancers and for Network Load Balancers.\n- *AWS Management Console* : Go to the Amazon EC2 page, choose *Load Balancers* in the navigation pane, select the load balancer, and get the value of the *Hosted zone* field on the *Description* tab.\n- *Elastic Load Balancing API* : Use `DescribeLoadBalancers` to get the applicable value. For more information, see the applicable guide:\n\n- Classic Load Balancers: Use [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html) to get the value of `CanonicalHostedZoneNameID` .\n- Application and Network Load Balancers: Use [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) to get the value of `CanonicalHostedZoneID` .\n- *CloudFormation Fn::GetAtt intrinsic function* : Use the [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) intrinsic function to get the applicable value:\n\n- Classic Load Balancers: Get [CanonicalHostedZoneNameID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html#aws-properties-ec2-elb-return-values) .\n- Application and Network Load Balancers: Get [CanonicalHostedZoneID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#aws-resource-elasticloadbalancingv2-loadbalancer-return-values) .\n- *AWS CLI* : Use `describe-load-balancers` to get the applicable value. For more information, see the applicable guide:\n\n- Classic Load Balancers: Use [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html) to get the value of `CanonicalHostedZoneNameID` .\n- Application and Network Load Balancers: Use [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html) to get the value of `CanonicalHostedZoneID` .\n- **Global Accelerator accelerator** - Specify `Z2BJ6XQ5FK7U4H` .\n- **An Amazon S3 bucket configured as a static website** - Specify the hosted zone ID for the region that you created the bucket in. For more information about valid values, see the table [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints) in the *Amazon Web Services General Reference* .\n- **Another Route 53 record in your hosted zone** - Specify the hosted zone ID of your hosted zone. (An alias record can't reference a record in a different hosted zone.)", - "title": "HostedZoneId", - "type": "string" - } - }, - "required": [ - "DNSName", - "HostedZoneId" - ], - "type": "object" - }, - "AWS::Route53::RecordSetGroup.CidrRoutingConfig": { - "additionalProperties": false, - "properties": { - "CollectionId": { - "markdownDescription": "The CIDR collection ID.", - "title": "CollectionId", - "type": "string" - }, - "LocationName": { - "markdownDescription": "The CIDR collection location name.", - "title": "LocationName", - "type": "string" - } - }, - "required": [ - "CollectionId", - "LocationName" - ], - "type": "object" - }, - "AWS::Route53::RecordSetGroup.Coordinates": { - "additionalProperties": false, - "properties": { - "Latitude": { - "markdownDescription": "Specifies a coordinate of the north\u2013south position of a geographic point on the surface of the Earth (-90 - 90).", - "title": "Latitude", - "type": "string" - }, - "Longitude": { - "markdownDescription": "Specifies a coordinate of the east\u2013west position of a geographic point on the surface of the Earth (-180 - 180).", - "title": "Longitude", - "type": "string" - } - }, - "required": [ - "Latitude", - "Longitude" + "Type", + "Properties" ], "type": "object" }, - "AWS::Route53::RecordSetGroup.GeoLocation": { - "additionalProperties": false, - "properties": { - "ContinentCode": { - "markdownDescription": "For geolocation resource record sets, a two-letter abbreviation that identifies a continent. Route 53 supports the following continent codes:\n\n- *AF* : Africa\n- *AN* : Antarctica\n- *AS* : Asia\n- *EU* : Europe\n- *OC* : Oceania\n- *NA* : North America\n- *SA* : South America\n\nConstraint: Specifying `ContinentCode` with either `CountryCode` or `SubdivisionCode` returns an `InvalidInput` error.", - "title": "ContinentCode", - "type": "string" - }, - "CountryCode": { - "markdownDescription": "For geolocation resource record sets, the two-letter code for a country.\n\nRoute 53 uses the two-letter country codes that are specified in [ISO standard 3166-1 alpha-2](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) .", - "title": "CountryCode", - "type": "string" - }, - "SubdivisionCode": { - "markdownDescription": "For geolocation resource record sets, the two-letter code for a state of the United States. Route 53 doesn't support any other values for `SubdivisionCode` . For a list of state abbreviations, see [Appendix B: Two\u2013Letter State and Possession Abbreviations](https://docs.aws.amazon.com/https://pe.usps.com/text/pub28/28apb.htm) on the United States Postal Service website.\n\nIf you specify `subdivisioncode` , you must also specify `US` for `CountryCode` .", - "title": "SubdivisionCode", - "type": "string" - } - }, - "type": "object" - }, - "AWS::Route53::RecordSetGroup.GeoProximityLocation": { + "AWS::Route53GlobalResolver::HostedZoneAssociation": { "additionalProperties": false, "properties": { - "AWSRegion": { - "markdownDescription": "The AWS Region the resource you are directing DNS traffic to, is in.", - "title": "AWSRegion", - "type": "string" - }, - "Bias": { - "markdownDescription": "The bias increases or decreases the size of the geographic region from which Route\u00a053 routes traffic to a resource.\n\nTo use `Bias` to change the size of the geographic region, specify the applicable value for the bias:\n\n- To expand the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a positive integer from 1 to 99 for the bias. Route\u00a053 shrinks the size of adjacent regions.\n- To shrink the size of the geographic region from which Route\u00a053 routes traffic to a resource, specify a negative bias of -1 to -99. Route\u00a053 expands the size of adjacent regions.", - "title": "Bias", - "type": "number" - }, - "Coordinates": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.Coordinates", - "markdownDescription": "Contains the longitude and latitude for a geographic region.", - "title": "Coordinates" - }, - "LocalZoneGroup": { - "markdownDescription": "Specifies an AWS Local Zone Group.\n\nA local Zone Group is usually the Local Zone code without the ending character. For example, if the Local Zone is `us-east-1-bue-1a` the Local Zone Group is `us-east-1-bue-1` .\n\nYou can identify the Local Zones Group for a specific Local Zone by using the [describe-availability-zones](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-availability-zones.html) CLI command:\n\nThis command returns: `\"GroupName\": \"us-west-2-den-1\"` , specifying that the Local Zone `us-west-2-den-1a` belongs to the Local Zone Group `us-west-2-den-1` .", - "title": "LocalZoneGroup", - "type": "string" - } - }, - "type": "object" - }, - "AWS::Route53::RecordSetGroup.RecordSet": { - "additionalProperties": false, - "properties": { - "AliasTarget": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.AliasTarget", - "markdownDescription": "*Alias resource record sets only:* Information about the AWS resource, such as a CloudFront distribution or an Amazon S3 bucket, that you want to route traffic to.\n\nIf you're creating resource records sets for a private hosted zone, note the following:\n\n- You can't create an alias resource record set in a private hosted zone to route traffic to a CloudFront distribution.\n- For information about creating failover resource record sets in a private hosted zone, see [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html) in the *Amazon Route 53 Developer Guide* .", - "title": "AliasTarget" - }, - "CidrRoutingConfig": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.CidrRoutingConfig", - "markdownDescription": "", - "title": "CidrRoutingConfig" - }, - "Failover": { - "markdownDescription": "*Failover resource record sets only:* To configure failover, you add the `Failover` element to two resource record sets. For one resource record set, you specify `PRIMARY` as the value for `Failover` ; for the other resource record set, you specify `SECONDARY` . In addition, you include the `HealthCheckId` element and specify the health check that you want Amazon Route 53 to perform for each resource record set.\n\nExcept where noted, the following failover behaviors assume that you have included the `HealthCheckId` element in both resource record sets:\n\n- When the primary resource record set is healthy, Route 53 responds to DNS queries with the applicable value from the primary resource record set regardless of the health of the secondary resource record set.\n- When the primary resource record set is unhealthy and the secondary resource record set is healthy, Route 53 responds to DNS queries with the applicable value from the secondary resource record set.\n- When the secondary resource record set is unhealthy, Route 53 responds to DNS queries with the applicable value from the primary resource record set regardless of the health of the primary resource record set.\n- If you omit the `HealthCheckId` element for the secondary resource record set, and if the primary resource record set is unhealthy, Route 53 always responds to DNS queries with the applicable value from the secondary resource record set. This is true regardless of the health of the associated endpoint.\n\nYou can't create non-failover resource record sets that have the same values for the `Name` and `Type` elements as failover resource record sets.\n\nFor failover alias resource record sets, you must also include the `EvaluateTargetHealth` element and set the value to true.\n\nFor more information about configuring failover for Route 53, see the following topics in the *Amazon Route 53 Developer Guide* :\n\n- [Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)\n- [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)", - "title": "Failover", - "type": "string" - }, - "GeoLocation": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.GeoLocation", - "markdownDescription": "*Geolocation resource record sets only:* A complex type that lets you control how Amazon Route 53 responds to DNS queries based on the geographic origin of the query. For example, if you want all queries from Africa to be routed to a web server with an IP address of `192.0.2.111` , create a resource record set with a `Type` of `A` and a `ContinentCode` of `AF` .\n\nIf you create separate resource record sets for overlapping geographic regions (for example, one resource record set for a continent and one for a country on the same continent), priority goes to the smallest geographic region. This allows you to route most queries for a continent to one resource and to route queries for a country on that continent to a different resource.\n\nYou can't create two geolocation resource record sets that specify the same geographic location.\n\nThe value `*` in the `CountryCode` element matches all geographic locations that aren't specified in other geolocation resource record sets that have the same values for the `Name` and `Type` elements.\n\n> Geolocation works by mapping IP addresses to locations. However, some IP addresses aren't mapped to geographic locations, so even if you create geolocation resource record sets that cover all seven continents, Route 53 will receive some DNS queries from locations that it can't identify. We recommend that you create a resource record set for which the value of `CountryCode` is `*` . Two groups of queries are routed to the resource that you specify in this record: queries that come from locations for which you haven't created geolocation resource record sets and queries from IP addresses that aren't mapped to a location. If you don't create a `*` resource record set, Route 53 returns a \"no answer\" response for queries from those locations. \n\nYou can't create non-geolocation resource record sets that have the same values for the `Name` and `Type` elements as geolocation resource record sets.", - "title": "GeoLocation" - }, - "GeoProximityLocation": { - "$ref": "#/definitions/AWS::Route53::RecordSetGroup.GeoProximityLocation", - "markdownDescription": "A complex type that contains information about a geographic location.", - "title": "GeoProximityLocation" - }, - "HealthCheckId": { - "markdownDescription": "If you want Amazon Route 53 to return this resource record set in response to a DNS query only when the status of a health check is healthy, include the `HealthCheckId` element and specify the ID of the applicable health check.\n\nRoute 53 determines whether a resource record set is healthy based on one of the following:\n\n- By periodically sending a request to the endpoint that is specified in the health check\n- By aggregating the status of a specified group of health checks (calculated health checks)\n- By determining the current state of a CloudWatch alarm (CloudWatch metric health checks)\n\n> Route 53 doesn't check the health of the endpoint that is specified in the resource record set, for example, the endpoint specified by the IP address in the `Value` element. When you add a `HealthCheckId` element to a resource record set, Route 53 checks the health of the endpoint that you specified in the health check. \n\nFor more information, see the following topics in the *Amazon Route 53 Developer Guide* :\n\n- [How Amazon Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html)\n- [Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html)\n- [Configuring Failover in a Private Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-private-hosted-zones.html)\n\n*When to Specify HealthCheckId*\n\nSpecifying a value for `HealthCheckId` is useful only when Route 53 is choosing between two or more resource record sets to respond to a DNS query, and you want Route 53 to base the choice in part on the status of a health check. Configuring health checks makes sense only in the following configurations:\n\n- *Non-alias resource record sets* : You're checking the health of a group of non-alias resource record sets that have the same routing policy, name, and type (such as multiple weighted records named www.example.com with a type of A) and you specify health check IDs for all the resource record sets.\n\nIf the health check status for a resource record set is healthy, Route 53 includes the record among the records that it responds to DNS queries with.\n\nIf the health check status for a resource record set is unhealthy, Route 53 stops responding to DNS queries using the value for that resource record set.\n\nIf the health check status for all resource record sets in the group is unhealthy, Route 53 considers all resource record sets in the group healthy and responds to DNS queries accordingly.\n- *Alias resource record sets* : You specify the following settings:\n\n- You set `EvaluateTargetHealth` to true for an alias resource record set in a group of resource record sets that have the same routing policy, name, and type (such as multiple weighted records named www.example.com with a type of A).\n- You configure the alias resource record set to route traffic to a non-alias resource record set in the same hosted zone.\n- You specify a health check ID for the non-alias resource record set.\n\nIf the health check status is healthy, Route 53 considers the alias resource record set to be healthy and includes the alias record among the records that it responds to DNS queries with.\n\nIf the health check status is unhealthy, Route 53 stops responding to DNS queries using the alias resource record set.\n\n> The alias resource record set can also route traffic to a *group* of non-alias resource record sets that have the same routing policy, name, and type. In that configuration, associate health checks with all of the resource record sets in the group of non-alias resource record sets.\n\n*Geolocation Routing*\n\nFor geolocation resource record sets, if an endpoint is unhealthy, Route 53 looks for a resource record set for the larger, associated geographic region. For example, suppose you have resource record sets for a state in the United States, for the entire United States, for North America, and a resource record set that has `*` for `CountryCode` is `*` , which applies to all locations. If the endpoint for the state resource record set is unhealthy, Route 53 checks for healthy resource record sets in the following order until it finds a resource record set for which the endpoint is healthy:\n\n- The United States\n- North America\n- The default resource record set\n\n*Specifying the Health Check Endpoint by Domain Name*\n\nIf your health checks specify the endpoint only by domain name, we recommend that you create a separate health check for each endpoint. For example, create a health check for each `HTTP` server that is serving content for `www.example.com` . For the value of `FullyQualifiedDomainName` , specify the domain name of the server (such as `us-east-2-www.example.com` ), not the name of the resource record sets ( `www.example.com` ).\n\n> Health check results will be unpredictable if you do the following:\n> \n> - Create a health check that has the same value for `FullyQualifiedDomainName` as the name of a resource record set.\n> - Associate that health check with the resource record set.", - "title": "HealthCheckId", - "type": "string" - }, - "HostedZoneId": { - "markdownDescription": "The ID of the hosted zone that you want to create records in.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .\n\nDo not provide the `HostedZoneId` if it is already defined in `AWS::Route53::RecordSetGroup` . The creation fails if `HostedZoneId` is defined in both.", - "title": "HostedZoneId", + "Condition": { "type": "string" }, - "HostedZoneName": { - "markdownDescription": "The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.` ) as part of the `HostedZoneName` .\n\nWhen you create a stack using an `AWS::Route53::RecordSet` that specifies `HostedZoneName` , AWS CloudFormation attempts to find a hosted zone whose name matches the `HostedZoneName` . If AWS CloudFormation can't find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", - "title": "HostedZoneName", + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], "type": "string" }, - "MultiValueAnswer": { - "markdownDescription": "*Multivalue answer resource record sets only* : To route traffic approximately randomly to multiple resources, such as web servers, create one multivalue answer record for each resource and specify `true` for `MultiValueAnswer` . Note the following:\n\n- If you associate a health check with a multivalue answer resource record set, Amazon Route 53 responds to DNS queries with the corresponding IP address only when the health check is healthy.\n- If you don't associate a health check with a multivalue answer record, Route 53 always considers the record to be healthy.\n- Route 53 responds to DNS queries with up to eight healthy records; if you have eight or fewer healthy records, Route 53 responds to all DNS queries with all the healthy records.\n- If you have more than eight healthy records, Route 53 responds to different DNS resolvers with different combinations of healthy records.\n- When all records are unhealthy, Route 53 responds to DNS queries with up to eight unhealthy records.\n- If a resource becomes unavailable after a resolver caches a response, client software typically tries another of the IP addresses in the response.\n\nYou can't create multivalue answer alias records.", - "title": "MultiValueAnswer", - "type": "boolean" - }, - "Name": { - "markdownDescription": "The name of the record that you want to create, update, or delete.\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", - "title": "Name", - "type": "string" + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] }, - "Region": { - "markdownDescription": "*Latency-based resource record sets only:* The Amazon EC2 Region where you created the resource that this resource record set refers to. The resource typically is an AWS resource, such as an EC2 instance or an ELB load balancer, and is referred to by an IP address or a DNS domain name, depending on the record type.\n\nWhen Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 Region. Route 53 then returns the value that is associated with the selected resource record set.\n\nNote the following:\n\n- You can only specify one `ResourceRecord` per latency resource record set.\n- You can only create one latency resource record set for each Amazon EC2 Region.\n- You aren't required to create latency resource record sets for all Amazon EC2 Regions. Route 53 will choose the region with the best latency from among the regions that you create latency resource record sets for.\n- You can't create non-latency resource record sets that have the same values for the `Name` and `Type` elements as latency resource record sets.", - "title": "Region", - "type": "string" + "Metadata": { + "type": "object" }, - "ResourceRecords": { - "items": { - "type": "string" + "Properties": { + "additionalProperties": false, + "properties": { + "HostedZoneId": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "ResourceArn": { + "type": "string" + } }, - "markdownDescription": "Information about the records that you want to create. Each record should be in the format appropriate for the record type specified by the `Type` property. For information about different record types and their record formats, see [Values That You Specify When You Create or Edit Amazon Route 53 Records](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html) in the *Amazon Route 53 Developer Guide* .", - "title": "ResourceRecords", - "type": "array" - }, - "SetIdentifier": { - "markdownDescription": "*Resource record sets that have a routing policy other than simple:* An identifier that differentiates among multiple resource record sets that have the same combination of name and type, such as multiple weighted resource record sets named acme.example.com that have a type of A. In a group of resource record sets that have the same name and type, the value of `SetIdentifier` must be unique for each resource record set.\n\nFor information about routing policies, see [Choosing a Routing Policy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) in the *Amazon Route 53 Developer Guide* .", - "title": "SetIdentifier", - "type": "string" - }, - "TTL": { - "markdownDescription": "The resource record cache time to live (TTL), in seconds. Note the following:\n\n- If you're creating or updating an alias resource record set, omit `TTL` . Amazon Route 53 uses the value of `TTL` for the alias target.\n- If you're associating this resource record set with a health check (if you're adding a `HealthCheckId` element), we recommend that you specify a `TTL` of 60 seconds or less so clients respond quickly to changes in health status.\n- All of the resource record sets in a group of weighted resource record sets must have the same value for `TTL` .\n- If a group of weighted resource record sets includes one or more weighted alias resource record sets for which the alias target is an ELB load balancer, we recommend that you specify a `TTL` of 60 seconds for all of the non-alias weighted resource record sets that have the same name and type. Values other than 60 seconds (the TTL for load balancers) will change the effect of the values that you specify for `Weight` .", - "title": "TTL", - "type": "string" + "required": [ + "HostedZoneId", + "Name", + "ResourceArn" + ], + "type": "object" }, "Type": { - "markdownDescription": "The DNS record type. For information about different record types and how data is encoded for them, see [Supported DNS Resource Record Types](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html) in the *Amazon Route 53 Developer Guide* .\n\nValid values for basic resource record sets: `A` | `AAAA` | `CAA` | `CNAME` | `DS` | `MX` | `NAPTR` | `NS` | `PTR` | `SOA` | `SPF` | `SRV` | `TXT` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS`\n\nValues for weighted, latency, geolocation, and failover resource record sets: `A` | `AAAA` | `CAA` | `CNAME` | `MX` | `NAPTR` | `PTR` | `SPF` | `SRV` | `TXT` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS` . When creating a group of weighted, latency, geolocation, or failover resource record sets, specify the same value for all of the resource record sets in the group.\n\nValid values for multivalue answer resource record sets: `A` | `AAAA` | `MX` | `NAPTR` | `PTR` | `SPF` | `SRV` | `TXT` | `CAA` | `TLSA` | `SSHFP` | `SVCB` | `HTTPS`\n\n> SPF records were formerly used to verify the identity of the sender of email messages. However, we no longer recommend that you create resource record sets for which the value of `Type` is `SPF` . RFC 7208, *Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1* , has been updated to say, \"...[I]ts existence and mechanism defined in [RFC4408] have led to some interoperability issues. Accordingly, its use is no longer appropriate for SPF version 1; implementations are not to use it.\" In RFC 7208, see section 14.1, [The SPF DNS Record Type](https://docs.aws.amazon.com/http://tools.ietf.org/html/rfc7208#section-14.1) . \n\nValues for alias resource record sets:\n\n- *Amazon API Gateway custom regional APIs and edge-optimized APIs:* `A`\n- *CloudFront distributions:* `A`\n\nIf IPv6 is enabled for the distribution, create two resource record sets to route traffic to your distribution, one with a value of `A` and one with a value of `AAAA` .\n- *Amazon API Gateway environment that has a regionalized subdomain* : `A`\n- *ELB load balancers:* `A` | `AAAA`\n- *Amazon S3 buckets:* `A`\n- *Amazon Virtual Private Cloud interface VPC endpoints* `A`\n- *Another resource record set in this hosted zone:* Specify the type of the resource record set that you're creating the alias for. All values are supported except `NS` and `SOA` .\n\n> If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't route traffic to a record for which the value of `Type` is `CNAME` . This is because the alias record must have the same type as the record you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.", - "title": "Type", + "enum": [ + "AWS::Route53GlobalResolver::HostedZoneAssociation" + ], "type": "string" }, - "Weight": { - "markdownDescription": "*Weighted resource record sets only:* Among resource record sets that have the same combination of DNS name and type, a value that determines the proportion of DNS queries that Amazon Route 53 responds to using the current resource record set. Route 53 calculates the sum of the weights for the resource record sets that have the same combination of DNS name and type. Route 53 then responds to queries based on the ratio of a resource's weight to the total. Note the following:\n\n- You must specify a value for the `Weight` element for every weighted resource record set.\n- You can only specify one `ResourceRecord` per weighted resource record set.\n- You can't create latency, failover, or geolocation resource record sets that have the same values for the `Name` and `Type` elements as weighted resource record sets.\n- You can create a maximum of 100 weighted resource record sets that have the same values for the `Name` and `Type` elements.\n- For weighted (but not weighted alias) resource record sets, if you set `Weight` to `0` for a resource record set, Route 53 never responds to queries with the applicable value for that resource record set. However, if you set `Weight` to `0` for all resource record sets that have the same combination of DNS name and type, traffic is routed to all resources with equal probability.\n\nThe effect of setting `Weight` to `0` is different when you associate health checks with weighted resource record sets. For more information, see [Options for Configuring Route 53 Active-Active and Active-Passive Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html) in the *Amazon Route 53 Developer Guide* .", - "title": "Weight", - "type": "number" + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" } }, "required": [ - "Name", - "Type" + "Type", + "Properties" ], "type": "object" }, @@ -301533,6 +309338,12 @@ "title": "BucketName", "type": "string" }, + "BucketNamePrefix": { + "type": "string" + }, + "BucketNamespace": { + "type": "string" + }, "CorsConfiguration": { "$ref": "#/definitions/AWS::S3::Bucket.CorsConfiguration", "markdownDescription": "Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide* .", @@ -304535,49 +312346,708 @@ "Properties": { "additionalProperties": false, "properties": { - "BucketEncryption": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.BucketEncryption", - "markdownDescription": "Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see [Setting and monitoring default encryption for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html) in the *Amazon S3 User Guide* .", - "title": "BucketEncryption" - }, - "BucketName": { - "markdownDescription": "A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Zone (Availability Zone or Local Zone). The bucket name must also follow the format `*bucket_base_name* -- *zone_id* --x-s3` (for example, `*bucket_base_name* -- *usw2-az1* --x-s3` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* .\n\n> If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.", - "title": "BucketName", + "BucketEncryption": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.BucketEncryption", + "markdownDescription": "Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see [Setting and monitoring default encryption for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html) in the *Amazon S3 User Guide* .", + "title": "BucketEncryption" + }, + "BucketName": { + "markdownDescription": "A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Zone (Availability Zone or Local Zone). The bucket name must also follow the format `*bucket_base_name* -- *zone_id* --x-s3` (for example, `*bucket_base_name* -- *usw2-az1* --x-s3` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see [Directory bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) in the *Amazon S3 User Guide* .\n\n> If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.", + "title": "BucketName", + "type": "string" + }, + "DataRedundancy": { + "markdownDescription": "The number of Zone (Availability Zone or Local Zone) that's used for redundancy for the bucket.", + "title": "DataRedundancy", + "type": "string" + }, + "InventoryConfigurations": { + "items": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.InventoryConfiguration" + }, + "type": "array" + }, + "LifecycleConfiguration": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.LifecycleConfiguration", + "markdownDescription": "Container for lifecycle rules. You can add as many as 1000 rules.\n\nFor more information see, [Creating and managing a lifecycle configuration for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html ) in the *Amazon S3 User Guide* .", + "title": "LifecycleConfiguration" + }, + "LocationName": { + "markdownDescription": "The name of the location where the bucket will be created.\n\nFor directory buckets, the name of the location is the Zone ID of the Availability Zone (AZ) or Local Zone (LZ) where the bucket will be created. An example AZ ID value is `usw2-az1` .", + "title": "LocationName", + "type": "string" + }, + "MetricsConfigurations": { + "items": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.MetricsConfiguration" + }, + "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An array of tags that you can apply to the S3 directory bucket. Tags are key-value pairs of metadata used to categorize and organize your buckets, track costs, and control access. For more information, see [Using tags with directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html) .", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "DataRedundancy", + "LocationName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::S3Express::DirectoryBucket" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.AbortIncompleteMultipartUpload": { + "additionalProperties": false, + "properties": { + "DaysAfterInitiation": { + "markdownDescription": "Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload.", + "title": "DaysAfterInitiation", + "type": "number" + } + }, + "required": [ + "DaysAfterInitiation" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.BucketEncryption": { + "additionalProperties": false, + "properties": { + "ServerSideEncryptionConfiguration": { + "items": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.ServerSideEncryptionRule" + }, + "markdownDescription": "Specifies the default server-side-encryption configuration.", + "title": "ServerSideEncryptionConfiguration", + "type": "array" + } + }, + "required": [ + "ServerSideEncryptionConfiguration" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.Destination": { + "additionalProperties": false, + "properties": { + "BucketAccountId": { + "type": "string" + }, + "BucketArn": { + "type": "string" + }, + "Format": { + "type": "string" + }, + "Prefix": { + "type": "string" + } + }, + "required": [ + "BucketArn", + "Format" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.InventoryConfiguration": { + "additionalProperties": false, + "properties": { + "Destination": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.Destination" + }, + "Enabled": { + "type": "boolean" + }, + "Id": { + "type": "string" + }, + "IncludedObjectVersions": { + "type": "string" + }, + "OptionalFields": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Prefix": { + "type": "string" + }, + "ScheduleFrequency": { + "type": "string" + } + }, + "required": [ + "Destination", + "Enabled", + "Id", + "IncludedObjectVersions", + "ScheduleFrequency" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.LifecycleConfiguration": { + "additionalProperties": false, + "properties": { + "Rules": { + "items": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.Rule" + }, + "markdownDescription": "A lifecycle rule for individual objects in an Amazon S3 Express bucket.", + "title": "Rules", + "type": "array" + } + }, + "required": [ + "Rules" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.MetricsConfiguration": { + "additionalProperties": false, + "properties": { + "AccessPointArn": { + "type": "string" + }, + "Id": { + "type": "string" + }, + "Prefix": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.Rule": { + "additionalProperties": false, + "properties": { + "AbortIncompleteMultipartUpload": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.AbortIncompleteMultipartUpload", + "markdownDescription": "Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload.", + "title": "AbortIncompleteMultipartUpload" + }, + "ExpirationInDays": { + "markdownDescription": "Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon S3 Glacier. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.", + "title": "ExpirationInDays", + "type": "number" + }, + "Id": { + "markdownDescription": "Unique identifier for the rule. The value can't be longer than 255 characters.", + "title": "Id", + "type": "string" + }, + "ObjectSizeGreaterThan": { + "markdownDescription": "Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", + "title": "ObjectSizeGreaterThan", + "type": "string" + }, + "ObjectSizeLessThan": { + "markdownDescription": "Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", + "title": "ObjectSizeLessThan", + "type": "string" + }, + "Prefix": { + "markdownDescription": "Object key prefix that identifies one or more objects to which this rule applies.\n\n> Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .", + "title": "Prefix", + "type": "string" + }, + "Status": { + "markdownDescription": "If `Enabled` , the rule is currently being applied. If `Disabled` , the rule is not currently being applied.", + "title": "Status", + "type": "string" + } + }, + "required": [ + "Status" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.ServerSideEncryptionByDefault": { + "additionalProperties": false, + "properties": { + "KMSMasterKeyID": { + "markdownDescription": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. This parameter is allowed only if `SSEAlgorithm` is set to `aws:kms` .\n\nYou can specify this parameter with the key ID or the Amazon Resource Name (ARN) of the KMS key. You can\u2019t use the key alias of the KMS key.\n\n- Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`\n- Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`\n\nIf you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html#s3-express-bucket-encryption-update-bucket-policy) .\n\n> Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported. Also, after you specify a customer managed key for SSE-KMS and upload objects with this configuration, you can't override the customer managed key for your SSE-KMS configuration. To use a new customer manager key for your data, we recommend copying your existing objects to a new directory bucket with a new customer managed key. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .", + "title": "KMSMasterKeyID", + "type": "string" + }, + "SSEAlgorithm": { + "markdownDescription": "Server-side encryption algorithm to use for the default encryption.\n\n> For directory buckets, there are only two supported values for server-side encryption: `AES256` and `aws:kms` .", + "title": "SSEAlgorithm", + "type": "string" + } + }, + "required": [ + "SSEAlgorithm" + ], + "type": "object" + }, + "AWS::S3Express::DirectoryBucket.ServerSideEncryptionRule": { + "additionalProperties": false, + "properties": { + "BucketKeyEnabled": { + "markdownDescription": "Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. S3 Bucket Keys are always enabled for `GET` and `PUT` operations on a directory bucket and can\u2019t be disabled. It's only allowed to set the `BucketKeyEnabled` element to `true` .\n\nS3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) , [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) , [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops) , or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job) . In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object.\n\nFor more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-UsingKMSEncryption.html#s3-express-sse-kms-bucket-keys) in the *Amazon S3 User Guide* .", + "title": "BucketKeyEnabled", + "type": "boolean" + }, + "ServerSideEncryptionByDefault": { + "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.ServerSideEncryptionByDefault", + "markdownDescription": "Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.", + "title": "ServerSideEncryptionByDefault" + } + }, + "type": "object" + }, + "AWS::S3Files::AccessPoint": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ClientToken": { + "type": "string" + }, + "FileSystemId": { + "type": "string" + }, + "PosixUser": { + "$ref": "#/definitions/AWS::S3Files::AccessPoint.PosixUser" + }, + "RootDirectory": { + "$ref": "#/definitions/AWS::S3Files::AccessPoint.RootDirectory" + }, + "Tags": { + "items": { + "$ref": "#/definitions/AWS::S3Files::AccessPoint.AccessPointTag" + }, + "type": "array" + } + }, + "required": [ + "FileSystemId" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::S3Files::AccessPoint" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::S3Files::AccessPoint.AccessPointTag": { + "additionalProperties": false, + "properties": { + "Key": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::S3Files::AccessPoint.CreationPermissions": { + "additionalProperties": false, + "properties": { + "OwnerGid": { + "type": "string" + }, + "OwnerUid": { + "type": "string" + }, + "Permissions": { + "type": "string" + } + }, + "required": [ + "OwnerGid", + "OwnerUid", + "Permissions" + ], + "type": "object" + }, + "AWS::S3Files::AccessPoint.PosixUser": { + "additionalProperties": false, + "properties": { + "Gid": { + "type": "string" + }, + "SecondaryGids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Uid": { + "type": "string" + } + }, + "required": [ + "Gid", + "Uid" + ], + "type": "object" + }, + "AWS::S3Files::AccessPoint.RootDirectory": { + "additionalProperties": false, + "properties": { + "CreationPermissions": { + "$ref": "#/definitions/AWS::S3Files::AccessPoint.CreationPermissions" + }, + "Path": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::S3Files::FileSystem": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AcceptBucketWarning": { + "type": "boolean" + }, + "Bucket": { + "type": "string" + }, + "ClientToken": { + "type": "string" + }, + "KmsKeyId": { + "type": "string" + }, + "Prefix": { + "type": "string" + }, + "RoleArn": { + "type": "string" + }, + "SynchronizationConfiguration": { + "$ref": "#/definitions/AWS::S3Files::FileSystem.SynchronizationConfiguration" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Bucket", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::S3Files::FileSystem" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::S3Files::FileSystem.ExpirationDataRule": { + "additionalProperties": false, + "properties": { + "DaysAfterLastAccess": { + "type": "number" + } + }, + "required": [ + "DaysAfterLastAccess" + ], + "type": "object" + }, + "AWS::S3Files::FileSystem.ImportDataRule": { + "additionalProperties": false, + "properties": { + "Prefix": { + "type": "string" + }, + "SizeLessThan": { + "type": "number" + }, + "Trigger": { + "type": "string" + } + }, + "required": [ + "Prefix", + "SizeLessThan", + "Trigger" + ], + "type": "object" + }, + "AWS::S3Files::FileSystem.SynchronizationConfiguration": { + "additionalProperties": false, + "properties": { + "ExpirationDataRules": { + "items": { + "$ref": "#/definitions/AWS::S3Files::FileSystem.ExpirationDataRule" + }, + "type": "array" + }, + "ImportDataRules": { + "items": { + "$ref": "#/definitions/AWS::S3Files::FileSystem.ImportDataRule" + }, + "type": "array" + }, + "LatestVersionNumber": { + "type": "number" + } + }, + "required": [ + "ExpirationDataRules", + "ImportDataRules" + ], + "type": "object" + }, + "AWS::S3Files::FileSystemPolicy": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "FileSystemId": { + "type": "string" + }, + "Policy": { + "type": "object" + } + }, + "required": [ + "FileSystemId", + "Policy" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::S3Files::FileSystemPolicy" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::S3Files::MountTarget": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "FileSystemId": { "type": "string" }, - "DataRedundancy": { - "markdownDescription": "The number of Zone (Availability Zone or Local Zone) that's used for redundancy for the bucket.", - "title": "DataRedundancy", + "IpAddressType": { "type": "string" }, - "LifecycleConfiguration": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.LifecycleConfiguration", - "markdownDescription": "Container for lifecycle rules. You can add as many as 1000 rules.\n\nFor more information see, [Creating and managing a lifecycle configuration for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html ) in the *Amazon S3 User Guide* .", - "title": "LifecycleConfiguration" + "Ipv4Address": { + "type": "string" }, - "LocationName": { - "markdownDescription": "The name of the location where the bucket will be created.\n\nFor directory buckets, the name of the location is the Zone ID of the Availability Zone (AZ) or Local Zone (LZ) where the bucket will be created. An example AZ ID value is `usw2-az1` .", - "title": "LocationName", + "Ipv6Address": { "type": "string" }, - "Tags": { + "SecurityGroups": { "items": { - "$ref": "#/definitions/Tag" + "type": "string" }, - "markdownDescription": "An array of tags that you can apply to the S3 directory bucket. Tags are key-value pairs of metadata used to categorize and organize your buckets, track costs, and control access. For more information, see [Using tags with directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-tagging.html) .", - "title": "Tags", "type": "array" + }, + "SubnetId": { + "type": "string" } }, "required": [ - "DataRedundancy", - "LocationName" + "FileSystemId", + "SubnetId" ], "type": "object" }, "Type": { "enum": [ - "AWS::S3Express::DirectoryBucket" + "AWS::S3Files::MountTarget" ], "type": "string" }, @@ -304596,133 +313066,6 @@ ], "type": "object" }, - "AWS::S3Express::DirectoryBucket.AbortIncompleteMultipartUpload": { - "additionalProperties": false, - "properties": { - "DaysAfterInitiation": { - "markdownDescription": "Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload.", - "title": "DaysAfterInitiation", - "type": "number" - } - }, - "required": [ - "DaysAfterInitiation" - ], - "type": "object" - }, - "AWS::S3Express::DirectoryBucket.BucketEncryption": { - "additionalProperties": false, - "properties": { - "ServerSideEncryptionConfiguration": { - "items": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.ServerSideEncryptionRule" - }, - "markdownDescription": "Specifies the default server-side-encryption configuration.", - "title": "ServerSideEncryptionConfiguration", - "type": "array" - } - }, - "required": [ - "ServerSideEncryptionConfiguration" - ], - "type": "object" - }, - "AWS::S3Express::DirectoryBucket.LifecycleConfiguration": { - "additionalProperties": false, - "properties": { - "Rules": { - "items": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.Rule" - }, - "markdownDescription": "A lifecycle rule for individual objects in an Amazon S3 Express bucket.", - "title": "Rules", - "type": "array" - } - }, - "required": [ - "Rules" - ], - "type": "object" - }, - "AWS::S3Express::DirectoryBucket.Rule": { - "additionalProperties": false, - "properties": { - "AbortIncompleteMultipartUpload": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.AbortIncompleteMultipartUpload", - "markdownDescription": "Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload.", - "title": "AbortIncompleteMultipartUpload" - }, - "ExpirationInDays": { - "markdownDescription": "Indicates the number of days after creation when objects are deleted from Amazon S3 and Amazon S3 Glacier. If you specify an expiration and transition time, you must use the same time unit for both properties (either in days or by date). The expiration time must also be later than the transition time.", - "title": "ExpirationInDays", - "type": "number" - }, - "Id": { - "markdownDescription": "Unique identifier for the rule. The value can't be longer than 255 characters.", - "title": "Id", - "type": "string" - }, - "ObjectSizeGreaterThan": { - "markdownDescription": "Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. For more information about size based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", - "title": "ObjectSizeGreaterThan", - "type": "string" - }, - "ObjectSizeLessThan": { - "markdownDescription": "Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. For more information about sized based rules, see [Lifecycle configuration using size-based rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html#lc-size-rules) in the *Amazon S3 User Guide* .", - "title": "ObjectSizeLessThan", - "type": "string" - }, - "Prefix": { - "markdownDescription": "Object key prefix that identifies one or more objects to which this rule applies.\n\n> Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints) .", - "title": "Prefix", - "type": "string" - }, - "Status": { - "markdownDescription": "If `Enabled` , the rule is currently being applied. If `Disabled` , the rule is not currently being applied.", - "title": "Status", - "type": "string" - } - }, - "required": [ - "Status" - ], - "type": "object" - }, - "AWS::S3Express::DirectoryBucket.ServerSideEncryptionByDefault": { - "additionalProperties": false, - "properties": { - "KMSMasterKeyID": { - "markdownDescription": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. This parameter is allowed only if `SSEAlgorithm` is set to `aws:kms` .\n\nYou can specify this parameter with the key ID or the Amazon Resource Name (ARN) of the KMS key. You can\u2019t use the key alias of the KMS key.\n\n- Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`\n- Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`\n\nIf you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html#s3-express-bucket-encryption-update-bucket-policy) .\n\n> Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported. Also, after you specify a customer managed key for SSE-KMS and upload objects with this configuration, you can't override the customer managed key for your SSE-KMS configuration. To use a new customer manager key for your data, we recommend copying your existing objects to a new directory bucket with a new customer managed key. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .", - "title": "KMSMasterKeyID", - "type": "string" - }, - "SSEAlgorithm": { - "markdownDescription": "Server-side encryption algorithm to use for the default encryption.\n\n> For directory buckets, there are only two supported values for server-side encryption: `AES256` and `aws:kms` .", - "title": "SSEAlgorithm", - "type": "string" - } - }, - "required": [ - "SSEAlgorithm" - ], - "type": "object" - }, - "AWS::S3Express::DirectoryBucket.ServerSideEncryptionRule": { - "additionalProperties": false, - "properties": { - "BucketKeyEnabled": { - "markdownDescription": "Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. S3 Bucket Keys are always enabled for `GET` and `PUT` operations on a directory bucket and can\u2019t be disabled. It's only allowed to set the `BucketKeyEnabled` element to `true` .\n\nS3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through [CopyObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) , [UploadPartCopy](https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) , [the Copy operation in Batch Operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops) , or [the import jobs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job) . In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object.\n\nFor more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-UsingKMSEncryption.html#s3-express-sse-kms-bucket-keys) in the *Amazon S3 User Guide* .", - "title": "BucketKeyEnabled", - "type": "boolean" - }, - "ServerSideEncryptionByDefault": { - "$ref": "#/definitions/AWS::S3Express::DirectoryBucket.ServerSideEncryptionByDefault", - "markdownDescription": "Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.", - "title": "ServerSideEncryptionByDefault" - } - }, - "type": "object" - }, "AWS::S3ObjectLambda::AccessPoint": { "additionalProperties": false, "properties": { @@ -305734,6 +314077,9 @@ "markdownDescription": "The schema for an Iceberg table.", "title": "IcebergSchema" }, + "IcebergSchemaV2": { + "$ref": "#/definitions/AWS::S3Tables::Table.IcebergSchemaV2" + }, "IcebergSortOrder": { "$ref": "#/definitions/AWS::S3Tables::Table.IcebergSortOrder" }, @@ -305747,9 +314093,6 @@ "type": "object" } }, - "required": [ - "IcebergSchema" - ], "type": "object" }, "AWS::S3Tables::Table.IcebergPartitionField": { @@ -305810,6 +314153,34 @@ ], "type": "object" }, + "AWS::S3Tables::Table.IcebergSchemaV2": { + "additionalProperties": false, + "properties": { + "IdentifierFieldIds": { + "items": { + "type": "number" + }, + "type": "array" + }, + "SchemaId": { + "type": "number" + }, + "SchemaV2FieldList": { + "items": { + "$ref": "#/definitions/AWS::S3Tables::Table.SchemaV2Field" + }, + "type": "array" + }, + "SchemaV2FieldType": { + "type": "string" + } + }, + "required": [ + "SchemaV2FieldList", + "SchemaV2FieldType" + ], + "type": "object" + }, "AWS::S3Tables::Table.IcebergSortField": { "additionalProperties": false, "properties": { @@ -305880,6 +314251,33 @@ ], "type": "object" }, + "AWS::S3Tables::Table.SchemaV2Field": { + "additionalProperties": false, + "properties": { + "Doc": { + "type": "string" + }, + "Id": { + "type": "number" + }, + "Name": { + "type": "string" + }, + "Required": { + "type": "boolean" + }, + "Type": { + "type": "object" + } + }, + "required": [ + "Id", + "Name", + "Required", + "Type" + ], + "type": "object" + }, "AWS::S3Tables::Table.SnapshotManagement": { "additionalProperties": false, "properties": { @@ -305957,6 +314355,9 @@ "markdownDescription": "", "title": "MetricsConfiguration" }, + "ReplicationConfiguration": { + "$ref": "#/definitions/AWS::S3Tables::TableBucket.ReplicationConfiguration" + }, "StorageClassConfiguration": { "$ref": "#/definitions/AWS::S3Tables::TableBucket.StorageClassConfiguration", "markdownDescription": "The configuration details for the storage class of tables or table buckets. This allows you to optimize storage costs by selecting the appropriate storage class based on your access patterns and performance requirements.", @@ -306034,6 +314435,52 @@ }, "type": "object" }, + "AWS::S3Tables::TableBucket.ReplicationConfiguration": { + "additionalProperties": false, + "properties": { + "Role": { + "type": "string" + }, + "Rules": { + "items": { + "$ref": "#/definitions/AWS::S3Tables::TableBucket.ReplicationRule" + }, + "type": "array" + } + }, + "required": [ + "Role", + "Rules" + ], + "type": "object" + }, + "AWS::S3Tables::TableBucket.ReplicationDestination": { + "additionalProperties": false, + "properties": { + "DestinationTableBucketARN": { + "type": "string" + } + }, + "required": [ + "DestinationTableBucketARN" + ], + "type": "object" + }, + "AWS::S3Tables::TableBucket.ReplicationRule": { + "additionalProperties": false, + "properties": { + "Destinations": { + "items": { + "$ref": "#/definitions/AWS::S3Tables::TableBucket.ReplicationDestination" + }, + "type": "array" + } + }, + "required": [ + "Destinations" + ], + "type": "object" + }, "AWS::S3Tables::TableBucket.StorageClassConfiguration": { "additionalProperties": false, "properties": { @@ -307898,6 +316345,9 @@ "title": "Tags", "type": "array" }, + "TlsPolicy": { + "type": "string" + }, "TrafficPolicyId": { "markdownDescription": "The identifier of an existing traffic policy that you attach to an ingress endpoint resource.", "title": "TrafficPolicyId", @@ -307949,6 +316399,9 @@ "markdownDescription": "The password of the ingress endpoint resource.", "title": "SmtpPassword", "type": "string" + }, + "TlsAuthConfiguration": { + "$ref": "#/definitions/AWS::SES::MailManagerIngressPoint.TlsAuthConfiguration" } }, "type": "object" @@ -307997,6 +316450,36 @@ ], "type": "object" }, + "AWS::SES::MailManagerIngressPoint.TlsAuthConfiguration": { + "additionalProperties": false, + "properties": { + "TrustStore": { + "$ref": "#/definitions/AWS::SES::MailManagerIngressPoint.TrustStore" + } + }, + "required": [ + "TrustStore" + ], + "type": "object" + }, + "AWS::SES::MailManagerIngressPoint.TrustStore": { + "additionalProperties": false, + "properties": { + "CAContent": { + "type": "string" + }, + "CrlContent": { + "type": "string" + }, + "KmsKeyArn": { + "type": "string" + } + }, + "required": [ + "CAContent" + ], + "type": "object" + }, "AWS::SES::MailManagerRelay": { "additionalProperties": false, "properties": { @@ -308247,6 +316730,40 @@ ], "type": "object" }, + "AWS::SES::MailManagerRuleSet.BounceAction": { + "additionalProperties": false, + "properties": { + "ActionFailurePolicy": { + "type": "string" + }, + "DiagnosticMessage": { + "type": "string" + }, + "Message": { + "type": "string" + }, + "RoleArn": { + "type": "string" + }, + "Sender": { + "type": "string" + }, + "SmtpReplyCode": { + "type": "string" + }, + "StatusCode": { + "type": "string" + } + }, + "required": [ + "DiagnosticMessage", + "RoleArn", + "Sender", + "SmtpReplyCode", + "StatusCode" + ], + "type": "object" + }, "AWS::SES::MailManagerRuleSet.DeliverToMailboxAction": { "additionalProperties": false, "properties": { @@ -308303,6 +316820,32 @@ ], "type": "object" }, + "AWS::SES::MailManagerRuleSet.InvokeLambdaAction": { + "additionalProperties": false, + "properties": { + "ActionFailurePolicy": { + "type": "string" + }, + "FunctionArn": { + "type": "string" + }, + "InvocationType": { + "type": "string" + }, + "RetryTimeMinutes": { + "type": "number" + }, + "RoleArn": { + "type": "string" + } + }, + "required": [ + "FunctionArn", + "InvocationType", + "RoleArn" + ], + "type": "object" + }, "AWS::SES::MailManagerRuleSet.RelayAction": { "additionalProperties": false, "properties": { @@ -308392,6 +316935,9 @@ "markdownDescription": "This action archives the email. This can be used to deliver an email to an archive.", "title": "Archive" }, + "Bounce": { + "$ref": "#/definitions/AWS::SES::MailManagerRuleSet.BounceAction" + }, "DeliverToMailbox": { "$ref": "#/definitions/AWS::SES::MailManagerRuleSet.DeliverToMailboxAction", "markdownDescription": "This action delivers an email to a WorkMail mailbox.", @@ -308407,6 +316953,9 @@ "title": "Drop", "type": "object" }, + "InvokeLambda": { + "$ref": "#/definitions/AWS::SES::MailManagerRuleSet.InvokeLambdaAction" + }, "PublishToSns": { "$ref": "#/definitions/AWS::SES::MailManagerRuleSet.SnsAction", "markdownDescription": "This action publishes the email content to an Amazon SNS topic.", @@ -308683,6 +317232,9 @@ "title": "Attribute", "type": "string" }, + "ClientCertificateAttribute": { + "type": "string" + }, "MimeHeaderAttribute": { "markdownDescription": "The email MIME X-Header attribute to evaluate in a string condition expression.", "title": "MimeHeaderAttribute", @@ -316326,8 +324878,7 @@ "ExecutionRole", "InstanceCount", "InstanceGroupName", - "InstanceType", - "LifeCycleConfig" + "InstanceType" ], "type": "object" }, @@ -316406,16 +324957,15 @@ "title": "OnCreate", "type": "string" }, + "OnInitComplete": { + "type": "string" + }, "SourceS3Uri": { "markdownDescription": "An Amazon S3 bucket path where your lifecycle scripts are stored.\n\n> Make sure that the S3 bucket path starts with `s3://sagemaker-` . The [IAM role for SageMaker HyperPod](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites.html#sagemaker-hyperpod-prerequisites-iam-role-for-hyperpod) has the managed [`AmazonSageMakerClusterInstanceRolePolicy`](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-cluster.html) attached, which allows access to S3 buckets with the specific prefix `sagemaker-` .", "title": "SourceS3Uri", "type": "string" } }, - "required": [ - "OnCreate", - "SourceS3Uri" - ], "type": "object" }, "AWS::SageMaker::Cluster.ClusterOrchestratorEksConfig": { @@ -320687,22 +329237,6 @@ ], "type": "object" }, - "AWS::SageMaker::Model.AdditionalModelDataSource": { - "additionalProperties": false, - "properties": { - "ChannelName": { - "type": "string" - }, - "S3DataSource": { - "$ref": "#/definitions/AWS::SageMaker::Model.S3DataSource" - } - }, - "required": [ - "ChannelName", - "S3DataSource" - ], - "type": "object" - }, "AWS::SageMaker::Model.ContainerDefinition": { "additionalProperties": false, "properties": { @@ -328879,32 +337413,720 @@ "Properties": { "additionalProperties": false, "properties": { - "SecretId": { - "markdownDescription": "The ARN or name of the secret. To reference a secret also created in this template, use the see [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) function with the secret's logical ID. This field is unique for each target attachment definition.", - "title": "SecretId", - "type": "string" + "SecretId": { + "markdownDescription": "The ARN or name of the secret. To reference a secret also created in this template, use the see [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) function with the secret's logical ID. This field is unique for each target attachment definition.", + "title": "SecretId", + "type": "string" + }, + "TargetId": { + "markdownDescription": "The ID of the database or cluster.", + "title": "TargetId", + "type": "string" + }, + "TargetType": { + "markdownDescription": "A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following:\n\n- AWS::RDS::DBInstance\n- AWS::RDS::DBCluster\n- AWS::Redshift::Cluster\n- AWS::RedshiftServerless::Namespace\n- AWS::DocDB::DBInstance\n- AWS::DocDB::DBCluster\n- AWS::DocDBElastic::Cluster", + "title": "TargetType", + "type": "string" + } + }, + "required": [ + "SecretId", + "TargetId", + "TargetType" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::SecretsManager::SecretTargetAttachment" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AwsResources": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.AWSResources" + }, + "CodeReviewSettings": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.CodeReviewSettings" + }, + "Description": { + "type": "string" + }, + "IntegratedResources": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.IntegratedResource" + }, + "type": "array" + }, + "KmsKeyId": { + "type": "string" + }, + "Name": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TargetDomainIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "Name" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::SecurityAgent::AgentSpace" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.AWSResources": { + "additionalProperties": false, + "properties": { + "IamRoles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "LambdaFunctionArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "LogGroups": { + "items": { + "type": "string" + }, + "type": "array" + }, + "S3Buckets": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SecretArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Vpcs": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.VpcConfig" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.CodeReviewSettings": { + "additionalProperties": false, + "properties": { + "ControlsScanning": { + "type": "boolean" + }, + "GeneralPurposeScanning": { + "type": "boolean" + } + }, + "required": [ + "ControlsScanning", + "GeneralPurposeScanning" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.GitHubCapabilitiesResource": { + "additionalProperties": false, + "properties": { + "LeaveComments": { + "type": "boolean" + }, + "RemediateCode": { + "type": "boolean" + } + }, + "required": [ + "LeaveComments", + "RemediateCode" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.GitHubRepositoryResource": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Owner": { + "type": "string" + } + }, + "required": [ + "Name", + "Owner" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.IntegratedResource": { + "additionalProperties": false, + "properties": { + "Integration": { + "type": "string" + }, + "ProviderResources": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.ProviderResource" + }, + "type": "array" + } + }, + "required": [ + "Integration", + "ProviderResources" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.ProviderResource": { + "additionalProperties": false, + "properties": { + "GitHubCapabilities": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.GitHubCapabilitiesResource" + }, + "GitHubRepository": { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace.GitHubRepositoryResource" + } + }, + "required": [ + "GitHubCapabilities", + "GitHubRepository" + ], + "type": "object" + }, + "AWS::SecurityAgent::AgentSpace.VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroupArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SubnetArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "VpcArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Application": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DefaultKmsKeyId": { + "type": "string" + }, + "IdCConfiguration": { + "$ref": "#/definitions/AWS::SecurityAgent::Application.IdCConfiguration" + }, + "RoleArn": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::SecurityAgent::Application" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::SecurityAgent::Application.IdCConfiguration": { + "additionalProperties": false, + "properties": { + "IdCApplicationArn": { + "type": "string" + }, + "IdCInstanceArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AgentSpaceId": { + "type": "string" + }, + "Assets": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.Assets" + }, + "CodeRemediationStrategy": { + "type": "string" + }, + "ExcludeRiskTypes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "LogConfig": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.CloudWatchLog" + }, + "NetworkTrafficConfig": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.NetworkTrafficConfig" + }, + "ServiceRole": { + "type": "string" + }, + "Title": { + "type": "string" + }, + "VpcConfig": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.VpcConfig" + } + }, + "required": [ + "AgentSpaceId", + "Assets", + "ServiceRole" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::SecurityAgent::Pentest" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::SecurityAgent::Pentest.Actor": { + "additionalProperties": false, + "properties": { + "Authentication": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.Authentication" + }, + "Description": { + "type": "string" + }, + "Identifier": { + "type": "string" + }, + "Uris": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.Assets": { + "additionalProperties": false, + "properties": { + "Actors": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.Actor" + }, + "type": "array" + }, + "Documents": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.DocumentInfo" + }, + "type": "array" + }, + "Endpoints": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.Endpoint" + }, + "type": "array" + }, + "IntegratedRepositories": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.IntegratedRepository" + }, + "type": "array" + }, + "SourceCode": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.SourceCodeRepository" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.Authentication": { + "additionalProperties": false, + "properties": { + "ProviderType": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.CloudWatchLog": { + "additionalProperties": false, + "properties": { + "LogGroup": { + "type": "string" + }, + "LogStream": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.CustomHeader": { + "additionalProperties": false, + "properties": { + "Name": { + "type": "string" + }, + "Value": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.DocumentInfo": { + "additionalProperties": false, + "properties": { + "ArtifactId": { + "type": "string" + }, + "S3Location": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.Endpoint": { + "additionalProperties": false, + "properties": { + "Uri": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.IntegratedRepository": { + "additionalProperties": false, + "properties": { + "IntegrationId": { + "type": "string" + }, + "ProviderResourceId": { + "type": "string" + } + }, + "required": [ + "IntegrationId", + "ProviderResourceId" + ], + "type": "object" + }, + "AWS::SecurityAgent::Pentest.NetworkTrafficConfig": { + "additionalProperties": false, + "properties": { + "CustomHeaders": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.CustomHeader" + }, + "type": "array" + }, + "Rules": { + "items": { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest.NetworkTrafficRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.NetworkTrafficRule": { + "additionalProperties": false, + "properties": { + "Effect": { + "type": "string" + }, + "NetworkTrafficRuleType": { + "type": "string" + }, + "Pattern": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.SourceCodeRepository": { + "additionalProperties": false, + "properties": { + "S3Location": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::Pentest.VpcConfig": { + "additionalProperties": false, + "properties": { + "SecurityGroupArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SubnetArns": { + "items": { + "type": "string" + }, + "type": "array" + }, + "VpcArn": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::TargetDomain": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" }, - "TargetId": { - "markdownDescription": "The ID of the database or cluster.", - "title": "TargetId", + "TargetDomainName": { "type": "string" }, - "TargetType": { - "markdownDescription": "A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following:\n\n- AWS::RDS::DBInstance\n- AWS::RDS::DBCluster\n- AWS::Redshift::Cluster\n- AWS::RedshiftServerless::Namespace\n- AWS::DocDB::DBInstance\n- AWS::DocDB::DBCluster\n- AWS::DocDBElastic::Cluster", - "title": "TargetType", + "VerificationMethod": { "type": "string" } }, "required": [ - "SecretId", - "TargetId", - "TargetType" + "TargetDomainName", + "VerificationMethod" ], "type": "object" }, "Type": { "enum": [ - "AWS::SecretsManager::SecretTargetAttachment" + "AWS::SecurityAgent::TargetDomain" ], "type": "string" }, @@ -328923,6 +338145,48 @@ ], "type": "object" }, + "AWS::SecurityAgent::TargetDomain.DnsVerification": { + "additionalProperties": false, + "properties": { + "DnsRecordName": { + "type": "string" + }, + "DnsRecordType": { + "type": "string" + }, + "Token": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::TargetDomain.HttpVerification": { + "additionalProperties": false, + "properties": { + "RoutePath": { + "type": "string" + }, + "Token": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::SecurityAgent::TargetDomain.VerificationDetails": { + "additionalProperties": false, + "properties": { + "DnsTxt": { + "$ref": "#/definitions/AWS::SecurityAgent::TargetDomain.DnsVerification" + }, + "HttpRoute": { + "$ref": "#/definitions/AWS::SecurityAgent::TargetDomain.HttpVerification" + }, + "Method": { + "type": "string" + } + }, + "type": "object" + }, "AWS::SecurityHub::AggregatorV2": { "additionalProperties": false, "properties": { @@ -336581,6 +345845,9 @@ "markdownDescription": "The routing configuration of an alias. Routing configuration splits [StartExecution](https://docs.aws.amazon.com/step-functions/latest/apireference/API_StartExecution.html) requests between one or two versions of the same state machine.\n\nUse `RoutingConfiguration` if you want to explicitly set the alias [weights](https://docs.aws.amazon.com/step-functions/latest/apireference/API_RoutingConfigurationListItem.html#StepFunctions-Type-RoutingConfigurationListItem-weight) . Weight is the percentage of traffic you want to route to a state machine version.\n\n> `RoutingConfiguration` and `DeploymentPreference` are mutually exclusive properties. You must define only one of these properties.", "title": "RoutingConfiguration", "type": "array" + }, + "StateMachineArn": { + "type": "string" } }, "type": "object" @@ -338982,6 +348249,9 @@ "title": "EgressType", "type": "string" }, + "IpAddressType": { + "type": "string" + }, "LoggingRole": { "markdownDescription": "The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a connector to turn on CloudWatch logging for Amazon S3 events. When set, you can view connector activity in your CloudWatch logs.", "title": "LoggingRole", @@ -340259,6 +349529,79 @@ }, "type": "object" }, + "AWS::UXC::AccountCustomization": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AccountColor": { + "type": "string" + }, + "VisibleRegions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "VisibleServices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::UXC::AccountCustomization" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, "AWS::VerifiedPermissions::IdentitySource": { "additionalProperties": false, "properties": { @@ -340827,11 +350170,6 @@ "AWS::VerifiedPermissions::PolicyStore.SchemaDefinition": { "additionalProperties": false, "properties": { - "CedarFormat": { - "markdownDescription": "", - "title": "CedarFormat", - "type": "string" - }, "CedarJson": { "markdownDescription": "A JSON string representation of the schema supported by applications that use this policy store. For more information, see [Policy store schema](https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html) in the AVP User Guide.", "title": "CedarJson", @@ -354387,18 +363725,6 @@ }, "type": "object" }, - "AWS::WorkspacesInstances::WorkspaceInstance.InstanceMarketOptionsRequest": { - "additionalProperties": false, - "properties": { - "MarketType": { - "type": "string" - }, - "SpotOptions": { - "$ref": "#/definitions/AWS::WorkspacesInstances::WorkspaceInstance.SpotMarketOptions" - } - }, - "type": "object" - }, "AWS::WorkspacesInstances::WorkspaceInstance.InstanceMetadataOptionsRequest": { "additionalProperties": false, "properties": { @@ -354498,9 +363824,6 @@ "ImageId": { "type": "string" }, - "InstanceMarketOptions": { - "$ref": "#/definitions/AWS::WorkspacesInstances::WorkspaceInstance.InstanceMarketOptionsRequest" - }, "InstanceType": { "type": "string" }, @@ -354604,24 +363927,6 @@ }, "type": "object" }, - "AWS::WorkspacesInstances::WorkspaceInstance.SpotMarketOptions": { - "additionalProperties": false, - "properties": { - "InstanceInterruptionBehavior": { - "type": "string" - }, - "MaxPrice": { - "type": "string" - }, - "SpotInstanceType": { - "type": "string" - }, - "ValidUntilUtc": { - "type": "string" - } - }, - "type": "object" - }, "AWS::WorkspacesInstances::WorkspaceInstance.TagSpecification": { "additionalProperties": false, "properties": { @@ -354887,6 +364192,22 @@ ], "type": "object" }, + "AWS::XRay::SamplingRule.SamplingRateBoost": { + "additionalProperties": false, + "properties": { + "CooldownWindowMinutes": { + "type": "number" + }, + "MaxRate": { + "type": "number" + } + }, + "required": [ + "CooldownWindowMinutes", + "MaxRate" + ], + "type": "object" + }, "AWS::XRay::SamplingRule.SamplingRule": { "additionalProperties": false, "properties": { @@ -354941,6 +364262,9 @@ "title": "RuleName", "type": "string" }, + "SamplingRateBoost": { + "$ref": "#/definitions/AWS::XRay::SamplingRule.SamplingRateBoost" + }, "ServiceName": { "markdownDescription": "Matches the `name` that the service uses to identify itself in segments.", "title": "ServiceName", @@ -355831,12 +365155,18 @@ { "$ref": "#/definitions/AWS::Batch::JobQueue" }, + { + "$ref": "#/definitions/AWS::Batch::QuotaShare" + }, { "$ref": "#/definitions/AWS::Batch::SchedulingPolicy" }, { "$ref": "#/definitions/AWS::Batch::ServiceEnvironment" }, + { + "$ref": "#/definitions/AWS::BcmPricingCalculator::BillScenario" + }, { "$ref": "#/definitions/AWS::Bedrock::Agent" }, @@ -355855,12 +365185,18 @@ { "$ref": "#/definitions/AWS::Bedrock::Blueprint" }, + { + "$ref": "#/definitions/AWS::Bedrock::DataAutomationLibrary" + }, { "$ref": "#/definitions/AWS::Bedrock::DataAutomationProject" }, { "$ref": "#/definitions/AWS::Bedrock::DataSource" }, + { + "$ref": "#/definitions/AWS::Bedrock::EnforcedGuardrailConfiguration" + }, { "$ref": "#/definitions/AWS::Bedrock::Flow" }, @@ -355888,12 +365224,24 @@ { "$ref": "#/definitions/AWS::Bedrock::PromptVersion" }, + { + "$ref": "#/definitions/AWS::Bedrock::ResourcePolicy" + }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::ApiKeyCredentialProvider" + }, { "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserCustom" }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::BrowserProfile" + }, { "$ref": "#/definitions/AWS::BedrockAgentCore::CodeInterpreterCustom" }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::Evaluator" + }, { "$ref": "#/definitions/AWS::BedrockAgentCore::Gateway" }, @@ -355903,6 +365251,18 @@ { "$ref": "#/definitions/AWS::BedrockAgentCore::Memory" }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::OAuth2CredentialProvider" + }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::OnlineEvaluationConfig" + }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::Policy" + }, + { + "$ref": "#/definitions/AWS::BedrockAgentCore::PolicyEngine" + }, { "$ref": "#/definitions/AWS::BedrockAgentCore::Runtime" }, @@ -355912,6 +365272,9 @@ { "$ref": "#/definitions/AWS::BedrockAgentCore::WorkloadIdentity" }, + { + "$ref": "#/definitions/AWS::BedrockMantle::Project" + }, { "$ref": "#/definitions/AWS::Billing::BillingView" }, @@ -355927,6 +365290,9 @@ { "$ref": "#/definitions/AWS::BillingConductor::PricingRule" }, + { + "$ref": "#/definitions/AWS::Braket::SpendingLimit" + }, { "$ref": "#/definitions/AWS::Budgets::Budget" }, @@ -356008,6 +365374,12 @@ { "$ref": "#/definitions/AWS::CleanRooms::PrivacyBudgetTemplate" }, + { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithm" + }, + { + "$ref": "#/definitions/AWS::CleanRoomsML::ConfiguredModelAlgorithmAssociation" + }, { "$ref": "#/definitions/AWS::CleanRoomsML::TrainingDataset" }, @@ -356284,6 +365656,9 @@ { "$ref": "#/definitions/AWS::Comprehend::Flywheel" }, + { + "$ref": "#/definitions/AWS::ComputeOptimizer::AutomationRule" + }, { "$ref": "#/definitions/AWS::Config::AggregationAuthorization" }, @@ -356326,6 +365701,12 @@ { "$ref": "#/definitions/AWS::Connect::ContactFlowModule" }, + { + "$ref": "#/definitions/AWS::Connect::ContactFlowModuleAlias" + }, + { + "$ref": "#/definitions/AWS::Connect::ContactFlowModuleVersion" + }, { "$ref": "#/definitions/AWS::Connect::ContactFlowVersion" }, @@ -356443,6 +365824,9 @@ { "$ref": "#/definitions/AWS::CustomerProfiles::ObjectType" }, + { + "$ref": "#/definitions/AWS::CustomerProfiles::Recommender" + }, { "$ref": "#/definitions/AWS::CustomerProfiles::SegmentDefinition" }, @@ -356665,6 +366049,27 @@ { "$ref": "#/definitions/AWS::DevOpsGuru::ResourceCollection" }, + { + "$ref": "#/definitions/AWS::DirectConnect::Connection" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::DirectConnectGateway" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::DirectConnectGatewayAssociation" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::Lag" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::PrivateVirtualInterface" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::PublicVirtualInterface" + }, + { + "$ref": "#/definitions/AWS::DirectConnect::TransitVirtualInterface" + }, { "$ref": "#/definitions/AWS::DirectoryService::MicrosoftAD" }, @@ -356767,6 +366172,9 @@ { "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolver" }, + { + "$ref": "#/definitions/AWS::EC2::IPAMPrefixListResolverTarget" + }, { "$ref": "#/definitions/AWS::EC2::IPAMResourceDiscovery" }, @@ -356890,6 +366298,9 @@ { "$ref": "#/definitions/AWS::EC2::SpotFleet" }, + { + "$ref": "#/definitions/AWS::EC2::SqlHaStandbyDetectedInstance" + }, { "$ref": "#/definitions/AWS::EC2::Subnet" }, @@ -357067,6 +366478,12 @@ { "$ref": "#/definitions/AWS::ECS::ClusterCapacityProviderAssociations" }, + { + "$ref": "#/definitions/AWS::ECS::Daemon" + }, + { + "$ref": "#/definitions/AWS::ECS::DaemonTaskDefinition" + }, { "$ref": "#/definitions/AWS::ECS::ExpressGatewayService" }, @@ -357223,6 +366640,9 @@ { "$ref": "#/definitions/AWS::Elasticsearch::Domain" }, + { + "$ref": "#/definitions/AWS::ElementalInference::Feed" + }, { "$ref": "#/definitions/AWS::EntityResolution::IdMappingWorkflow" }, @@ -357394,6 +366814,9 @@ { "$ref": "#/definitions/AWS::GlobalAccelerator::Listener" }, + { + "$ref": "#/definitions/AWS::Glue::Catalog" + }, { "$ref": "#/definitions/AWS::Glue::Classifier" }, @@ -357709,6 +367132,9 @@ { "$ref": "#/definitions/AWS::InspectorV2::Filter" }, + { + "$ref": "#/definitions/AWS::Interconnect::Connection" + }, { "$ref": "#/definitions/AWS::InternetMonitor::Monitor" }, @@ -358432,6 +367858,9 @@ { "$ref": "#/definitions/AWS::NeptuneGraph::Graph" }, + { + "$ref": "#/definitions/AWS::NeptuneGraph::GraphSnapshot" + }, { "$ref": "#/definitions/AWS::NeptuneGraph::PrivateGraphEndpoint" }, @@ -358525,6 +367954,9 @@ { "$ref": "#/definitions/AWS::NotificationsContacts::EmailContact" }, + { + "$ref": "#/definitions/AWS::NovaAct::WorkflowDefinition" + }, { "$ref": "#/definitions/AWS::ODB::CloudAutonomousVmCluster" }, @@ -358558,6 +367990,9 @@ { "$ref": "#/definitions/AWS::ObservabilityAdmin::S3TableIntegration" }, + { + "$ref": "#/definitions/AWS::ObservabilityAdmin::TelemetryEnrichment" + }, { "$ref": "#/definitions/AWS::ObservabilityAdmin::TelemetryPipelines" }, @@ -358567,6 +368002,9 @@ { "$ref": "#/definitions/AWS::Omics::AnnotationStore" }, + { + "$ref": "#/definitions/AWS::Omics::Configuration" + }, { "$ref": "#/definitions/AWS::Omics::ReferenceStore" }, @@ -358591,6 +368029,9 @@ { "$ref": "#/definitions/AWS::OpenSearchServerless::Collection" }, + { + "$ref": "#/definitions/AWS::OpenSearchServerless::CollectionGroup" + }, { "$ref": "#/definitions/AWS::OpenSearchServerless::Index" }, @@ -359056,6 +368497,27 @@ { "$ref": "#/definitions/AWS::Route53::RecordSetGroup" }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::AccessSource" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::AccessToken" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::DnsView" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::FirewallDomainList" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::FirewallRule" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::GlobalResolver" + }, + { + "$ref": "#/definitions/AWS::Route53GlobalResolver::HostedZoneAssociation" + }, { "$ref": "#/definitions/AWS::Route53Profiles::Profile" }, @@ -359161,6 +368623,18 @@ { "$ref": "#/definitions/AWS::S3Express::DirectoryBucket" }, + { + "$ref": "#/definitions/AWS::S3Files::AccessPoint" + }, + { + "$ref": "#/definitions/AWS::S3Files::FileSystem" + }, + { + "$ref": "#/definitions/AWS::S3Files::FileSystemPolicy" + }, + { + "$ref": "#/definitions/AWS::S3Files::MountTarget" + }, { "$ref": "#/definitions/AWS::S3ObjectLambda::AccessPoint" }, @@ -359503,6 +368977,18 @@ { "$ref": "#/definitions/AWS::SecretsManager::SecretTargetAttachment" }, + { + "$ref": "#/definitions/AWS::SecurityAgent::AgentSpace" + }, + { + "$ref": "#/definitions/AWS::SecurityAgent::Application" + }, + { + "$ref": "#/definitions/AWS::SecurityAgent::Pentest" + }, + { + "$ref": "#/definitions/AWS::SecurityAgent::TargetDomain" + }, { "$ref": "#/definitions/AWS::SecurityHub::AggregatorV2" }, @@ -359725,6 +369211,9 @@ { "$ref": "#/definitions/AWS::Transfer::Workflow" }, + { + "$ref": "#/definitions/AWS::UXC::AccountCustomization" + }, { "$ref": "#/definitions/AWS::VerifiedPermissions::IdentitySource" }, diff --git a/schema_source/sam.schema.json b/schema_source/sam.schema.json index a1c8ccc492..ffc0b7b668 100644 --- a/schema_source/sam.schema.json +++ b/schema_source/sam.schema.json @@ -1919,10 +1919,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -1941,10 +1941,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -1963,10 +1963,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -3865,10 +3865,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -4191,10 +4191,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -4213,10 +4213,10 @@ "items": { "anyOf": [ { - "type": "string" + "type": "object" }, { - "type": "object" + "type": "string" } ] }, @@ -4536,6 +4536,25 @@ ], "title": "DomainName" }, + "EndpointAccessMode": { + "__samPassThrough": { + "markdownDescriptionOverride": "The endpoint access mode for the custom domain name. \n*Type*: String \n*Required*: No \n*CloudFormation compatibility*: This property is passed directly to the [`EndpointAccessMode`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-endpointaccessmode) property of an `AWS::ApiGateway::DomainName` resource, or to `AWS::ApiGateway::DomainNameV2` when `EndpointConfiguration` is set to `PRIVATE`.", + "schemaPath": [ + "definitions", + "AWS::ApiGateway::DomainName", + "properties", + "Properties", + "properties", + "EndpointAccessMode" + ] + }, + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ], + "title": "EndpointAccessMode" + }, "EndpointConfiguration": { "anyOf": [ { @@ -4773,6 +4792,25 @@ "markdownDescription": "Configures a custom domain for this API Gateway API. \n*Type*: [DomainConfiguration](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-domainconfiguration.html) \n*Required*: No \n*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.", "title": "Domain" }, + "EndpointAccessMode": { + "__samPassThrough": { + "markdownDescriptionOverride": "The endpoint access mode for the RestApi. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`EndpointAccessMode`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-endpointaccessmode) property of an `AWS::ApiGateway::RestApi` resource.", + "schemaPath": [ + "definitions", + "AWS::ApiGateway::RestApi", + "properties", + "Properties", + "properties", + "EndpointAccessMode" + ] + }, + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ], + "title": "EndpointAccessMode" + }, "EndpointConfiguration": { "allOf": [ { @@ -5107,6 +5145,25 @@ "markdownDescription": "Configures a custom domain for this API Gateway API. \n*Type*: [DomainConfiguration](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-domainconfiguration.html) \n*Required*: No \n*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.", "title": "Domain" }, + "EndpointAccessMode": { + "__samPassThrough": { + "markdownDescriptionOverride": "The endpoint access mode for the RestApi. \n*Type*: String \n*Required*: No \n*AWS CloudFormation compatibility*: This property is passed directly to the [`EndpointAccessMode`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-endpointaccessmode) property of an `AWS::ApiGateway::RestApi` resource.", + "schemaPath": [ + "definitions", + "AWS::ApiGateway::RestApi", + "properties", + "Properties", + "properties", + "EndpointAccessMode" + ] + }, + "allOf": [ + { + "$ref": "#/definitions/PassThroughProp" + } + ], + "title": "EndpointAccessMode" + }, "EndpointConfiguration": { "anyOf": [ { diff --git a/setup.py b/setup.py index 69a68d14da..f11905fcee 100755 --- a/setup.py +++ b/setup.py @@ -20,6 +20,7 @@ """ AWS SAM Serverless Application Model """ + import io import os import re @@ -78,7 +79,7 @@ def read_requirements(req="base.txt"): "NOTICE", "THIRD_PARTY_LICENSES", ), - python_requires=">=3.8, <=4.0, !=4.0", + python_requires=">=3.10, <=4.0, !=4.0", install_requires=read_requirements("base.txt"), include_package_data=True, extras_require={"dev": read_requirements("dev.txt")}, @@ -93,10 +94,11 @@ def read_requirements(req="base.txt"): "License :: OSI Approved :: Apache Software License", "Operating System :: OS Independent", "Programming Language :: Python", - "Programming Language :: Python :: 3.8", - "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", + "Programming Language :: Python :: 3.14", "Topic :: Internet", "Topic :: Software Development :: Build Tools", "Topic :: Utilities", diff --git a/tests/model/api/test_api_generator_endpoint_access_mode.py b/tests/model/api/test_api_generator_endpoint_access_mode.py new file mode 100644 index 0000000000..47e4e42c19 --- /dev/null +++ b/tests/model/api/test_api_generator_endpoint_access_mode.py @@ -0,0 +1,43 @@ +from unittest import TestCase +from unittest.mock import Mock + +from samtranslator.model.api.api_generator import ApiGenerator + + +class TestApiGeneratorEndpointAccessMode(TestCase): + def setUp(self): + self.logical_id = "MyApi" + self.default_args = { + "logical_id": self.logical_id, + "cache_cluster_enabled": None, + "cache_cluster_size": None, + "variables": None, + "depends_on": None, + "definition_body": {"swagger": "2.0"}, + "definition_uri": None, + "name": None, + "stage_name": "Prod", + "shared_api_usage_plan": Mock(), + "template_conditions": Mock(), + "method_settings": None, + "endpoint_configuration": {"Type": "REGIONAL"}, + "access_log_setting": None, + "canary_setting": None, + "tracing_enabled": None, + "open_api_version": None, + "always_deploy": None, + } + + def test_endpoint_access_mode_set(self): + api_generator = ApiGenerator(**self.default_args, endpoint_access_mode="STRICT") + + rest_api = api_generator._construct_rest_api() + + self.assertEqual(rest_api.EndpointAccessMode, "STRICT") + + def test_no_endpoint_access_mode(self): + api_generator = ApiGenerator(**self.default_args, endpoint_access_mode=None) + + rest_api = api_generator._construct_rest_api() + + self.assertIsNone(rest_api.EndpointAccessMode) diff --git a/tests/model/api/test_websocket_api_generator.py b/tests/model/api/test_websocket_api_generator.py index ec2a5434c8..7a37a47866 100644 --- a/tests/model/api/test_websocket_api_generator.py +++ b/tests/model/api/test_websocket_api_generator.py @@ -47,6 +47,16 @@ def test_perms(self): "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${WebSocketApiId.ApiId}/default/$connect", ) + def test_perms_with_intrinsic_stage_name(self): + """Test that _construct_permission handles intrinsic StageName without TypeError.""" + kwargs = self.kwargs.copy() + kwargs["stage_name"] = {"Ref": "StageName"} + _, _, perm, _ = WebSocketApiGenerator(**kwargs)._construct_route_infr("$connect", kwargs["routes"]["$connect"]) + fn_sub = perm.SourceArn["Fn::Sub"] + self.assertIsInstance(fn_sub, list) + self.assertIn("${__StageName__}", fn_sub[0]) + self.assertEqual(fn_sub[1]["__StageName__"], {"Ref": "StageName"}) + def test_none_auth_no_id(self): kwargs = self.kwargs.copy() kwargs["auth_config"] = {"AuthType": "NONE"} diff --git a/tests/model/capacity_provider/test_generators.py b/tests/model/capacity_provider/test_generators.py index e7c2f6f497..dfc785c618 100644 --- a/tests/model/capacity_provider/test_generators.py +++ b/tests/model/capacity_provider/test_generators.py @@ -1,4 +1,3 @@ -from typing import List from unittest import TestCase from unittest.mock import patch @@ -220,5 +219,5 @@ def test_create_operator_role(self): # Verify passthrough attributes self.assertEqual(role_dict[logical_id]["Condition"], "MyCondition") - def extract_resource(self, resource_array: List[Resource]): + def extract_resource(self, resource_array: list[Resource]): return {r.logical_id: r.to_dict()[r.logical_id] for r in resource_array} diff --git a/tests/model/s3_utils/__init__.py b/tests/model/s3_utils/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/tests/model/s3_utils/test_uri_parser.py b/tests/model/s3_utils/test_uri_parser.py new file mode 100644 index 0000000000..b6a85ead27 --- /dev/null +++ b/tests/model/s3_utils/test_uri_parser.py @@ -0,0 +1,49 @@ +"""Unit tests for :mod:`samtranslator.model.s3_utils.uri_parser`.""" + +from unittest import TestCase + +from samtranslator.model.exceptions import InvalidResourceException +from samtranslator.model.s3_utils.uri_parser import construct_s3_location_object, parse_s3_uri + + +class TestParseS3Uri(TestCase): + def test_valid_s3_uri(self): + self.assertEqual( + parse_s3_uri("s3://bucket/key"), + {"Bucket": "bucket", "Key": "key"}, + ) + + def test_valid_s3_uri_with_version(self): + self.assertEqual( + parse_s3_uri("s3://bucket/key?versionId=abcdef"), + {"Bucket": "bucket", "Key": "key", "Version": "abcdef"}, + ) + + def test_non_s3_scheme_returns_none(self): + self.assertIsNone(parse_s3_uri("https://example.com/key")) + + def test_non_string_returns_none(self): + self.assertIsNone(parse_s3_uri({"Bucket": "b", "Key": "k"})) + self.assertIsNone(parse_s3_uri(None)) + + def test_unresolved_cdk_token_returns_none(self): + """Bracketed host segments that are not valid IPv4/IPv6 raise ValueError + from urllib (see CVE-2024-11168); parse_s3_uri should treat the input as + "not a valid S3 URI" and return None so callers can raise a friendly + InvalidResourceException instead of crashing the transform. + """ + self.assertIsNone(parse_s3_uri("s3://[TOKEN.25]/my/key")) + self.assertIsNone(parse_s3_uri("https://[TOKEN.25]/path")) + self.assertIsNone(parse_s3_uri("s3://bucket-[TOKEN.25]/key")) + + +class TestConstructS3LocationObjectWithMalformedUri(TestCase): + """Verify that the top-level helper raises InvalidResourceException with the + logical id instead of letting the underlying urllib ValueError propagate. + """ + + def test_unresolved_cdk_token_raises_invalid_resource_exception(self): + with self.assertRaises(InvalidResourceException) as ctx: + construct_s3_location_object("s3://[TOKEN.25]/my/key", "MyFunction", "CodeUri") + self.assertIn("MyFunction", str(ctx.exception)) + self.assertIn("'CodeUri' is not a valid S3 Uri", str(ctx.exception)) diff --git a/tests/model/test_api_v2.py b/tests/model/test_api_v2.py index 9820986afa..b71f3c6d03 100644 --- a/tests/model/test_api_v2.py +++ b/tests/model/test_api_v2.py @@ -64,7 +64,7 @@ def test_create_authorizer_fails_with_authorization_scopes_non_oauth2(self): self.assertEqual( e.value.message, "Resource with id [logicalId] is invalid. " - + "AuthorizationScopes must be defined only for OAuth2 Authorizer.", + + "AuthorizationScopes is only supported for OAuth2 Authorizer.", ) @mock.patch( @@ -79,8 +79,7 @@ def test_create_authorizer_fails_with_jtw_configuration_non_oauth2(self): ) self.assertEqual( e.value.message, - "Resource with id [logicalId] is invalid. " - + "JwtConfiguration must be defined only for OAuth2 Authorizer.", + "Resource with id [logicalId] is invalid. " + "JwtConfiguration is only supported for OAuth2 Authorizer.", ) def test_create_authorizer_fails_with_id_source_non_oauth2(self): @@ -92,7 +91,8 @@ def test_create_authorizer_fails_with_id_source_non_oauth2(self): ) self.assertEqual( e.value.message, - "Resource with id [logicalId] is invalid. " + "IdentitySource must be defined only for OAuth2 Authorizer.", + "Resource with id [logicalId] is invalid. " + "IdentitySource is only supported for OAuth2 Authorizer." + " For Lambda Authorizer, use the 'Identity' property instead.", ) def test_create_authorizer_fails_with_function_arn_non_lambda(self): @@ -106,7 +106,7 @@ def test_create_authorizer_fails_with_function_arn_non_lambda(self): ) self.assertEqual( e.value.message, - "Resource with id [logicalId] is invalid. " + "FunctionArn must be defined only for Lambda Authorizer.", + "Resource with id [logicalId] is invalid. " + "FunctionArn is only supported for Lambda Authorizer.", ) def test_create_authorizer_fails_with_function_invoke_role_non_lambda(self): @@ -120,8 +120,7 @@ def test_create_authorizer_fails_with_function_invoke_role_non_lambda(self): ) self.assertEqual( e.value.message, - "Resource with id [logicalId] is invalid. " - + "FunctionInvokeRole must be defined only for Lambda Authorizer.", + "Resource with id [logicalId] is invalid. " + "FunctionInvokeRole is only supported for Lambda Authorizer.", ) def test_create_authorizer_fails_with_identity_non_lambda(self): @@ -135,7 +134,7 @@ def test_create_authorizer_fails_with_identity_non_lambda(self): ) self.assertEqual( e.value.message, - "Resource with id [logicalId] is invalid. " + "Identity must be defined only for Lambda Authorizer.", + "Resource with id [logicalId] is invalid. " + "Identity is only supported for Lambda Authorizer.", ) def test_create_authorizer_fails_with_authorizer_payload_format_version_non_lambda(self): @@ -150,7 +149,7 @@ def test_create_authorizer_fails_with_authorizer_payload_format_version_non_lamb self.assertEqual( e.value.message, "Resource with id [logicalId] is invalid. " - + "AuthorizerPayloadFormatVersion must be defined only for Lambda Authorizer.", + + "AuthorizerPayloadFormatVersion is only supported for Lambda Authorizer.", ) def test_create_authorizer_fails_with_enable_simple_responses_non_lambda(self): @@ -165,7 +164,7 @@ def test_create_authorizer_fails_with_enable_simple_responses_non_lambda(self): self.assertEqual( e.value.message, "Resource with id [logicalId] is invalid. " - + "EnableSimpleResponses must be defined only for Lambda Authorizer.", + + "EnableSimpleResponses is only supported for Lambda Authorizer.", ) def test_create_authorizer_fails_with_enable_function_default_permissions_non_lambda(self): @@ -180,7 +179,7 @@ def test_create_authorizer_fails_with_enable_function_default_permissions_non_la self.assertEqual( e.value.message, "Resource with id [logicalId] is invalid. " - + "EnableFunctionDefaultPermissions must be defined only for Lambda Authorizer.", + + "EnableFunctionDefaultPermissions is only supported for Lambda Authorizer.", ) @mock.patch( diff --git a/tests/model/test_sam_resources.py b/tests/model/test_sam_resources.py index a77698810f..a51d9c5f99 100644 --- a/tests/model/test_sam_resources.py +++ b/tests/model/test_sam_resources.py @@ -2,6 +2,7 @@ from unittest.mock import patch import pytest +from parameterized import parameterized from samtranslator.intrinsics.resolver import IntrinsicsResolver from samtranslator.model import InvalidResourceException, ResourceResolver from samtranslator.model.apigateway import ApiGatewayDeployment, ApiGatewayRestApi, ApiGatewayStage @@ -847,6 +848,51 @@ def test_role_get_att_no_execution_role(self): self.assertEqual(lambda_function.Role, role_get_att) + @parameterized.expand( + [ + # 2-arg Fn::If (missing false value) + ({"Fn::If": ["Condition", "arn:aws:iam::123456789012:role/existing-role"]},), + # 4-arg Fn::If (extra value) + ({"Fn::If": ["Condition", "role_a", "role_b", "role_c"]},), + ] + ) + def test_role_fn_if_invalid_arity_raises_invalid_resource_exception(self, malformed_role): + """Fn::If must have exactly 3 items: [Condition, TrueValue, FalseValue]. + Any other arity used to crash SAM-T with a raw ValueError/IndexError, + which CloudFormation surfaced as "Internal transform failure". + It must now raise a user-facing InvalidResourceException instead. + """ + self.function.Role = malformed_role + + with pytest.raises(InvalidResourceException) as excinfo: + self.function.to_cloudformation(**self.kwargs) + + msg = str(excinfo.value) + self.assertIn("foo", msg) # logical id + self.assertIn("Role", msg) + self.assertIn("Fn::If", msg) + + @parameterized.expand( + [ + # 2-arg Fn::If (missing false value) + ({"Fn::If": ["SomeCondition", "queue-arn"]},), + # 4-arg Fn::If (extra value) + ({"Fn::If": ["SomeCondition", "a", "b", "c"]},), + ] + ) + def test_destination_fn_if_invalid_arity_raises_invalid_resource_exception(self, malformed): + """EventInvokeConfig.DestinationConfig.{OnSuccess,OnFailure}.Destination + also supports Fn::If. Any list arity other than 3 previously crashed the + transform with IndexError in _get_or_make_condition. + """ + with pytest.raises(InvalidResourceException) as excinfo: + self.function._get_or_make_condition(malformed, "DestLogicalId", {}) + + msg = str(excinfo.value) + self.assertIn("DestLogicalId", msg) + self.assertIn("Destination", msg) + self.assertIn("Fn::If", msg) + class TestSamCapacityProvider(TestCase): """Tests for SamCapacityProvider""" diff --git a/tests/ruff.toml b/tests/ruff.toml index 79e96b2a19..6f09c17f01 100644 --- a/tests/ruff.toml +++ b/tests/ruff.toml @@ -1,8 +1,8 @@ # black formatter takes care of the line length -line-length = 999 +line-length = 320 -# Mininal python version we support is 3.8 -target-version = "py38" +# Minimal python version we support is 3.10 +target-version = "py310" # The code quality of tests can be a bit lower compared to samtranslator lint.select = [ diff --git a/tests/schema/test_cfn_schema_generator.py b/tests/schema/test_cfn_schema_generator.py index def397b022..b91774e057 100644 --- a/tests/schema/test_cfn_schema_generator.py +++ b/tests/schema/test_cfn_schema_generator.py @@ -79,7 +79,7 @@ def setUp(self): self.output_folder = "tests/schema/cfn_schema_generator/output_schema" @parameterized.expand( - lambda: _get_test_cases_for_schema_generation(), + _get_test_cases_for_schema_generation, skip_on_empty=True, ) def test_schema_generation(self, case_name): diff --git a/tests/test_import.py b/tests/test_import.py index dcdda124ff..4a5fb710ac 100644 --- a/tests/test_import.py +++ b/tests/test_import.py @@ -3,7 +3,6 @@ import subprocess import sys from pathlib import Path -from typing import List from unittest import TestCase from parameterized import parameterized @@ -11,8 +10,8 @@ _PROJECT_ROOT = Path(__file__).parent.parent -def scan_modules_recursively(module_name: str = "samtranslator") -> List[str]: - all_modules: List[str] = [module_name] +def scan_modules_recursively(module_name: str = "samtranslator") -> list[str]: + all_modules: list[str] = [module_name] for submodule in pkgutil.iter_modules([os.path.join(_PROJECT_ROOT, module_name.replace(".", os.path.sep))]): submodule_name = module_name + "." + submodule.name all_modules += scan_modules_recursively(submodule_name) diff --git a/tests/test_model.py b/tests/test_model.py index 9b78fed9f0..c88f728b5b 100644 --- a/tests/test_model.py +++ b/tests/test_model.py @@ -1,4 +1,4 @@ -from typing import Any, List, Optional +from typing import Any from unittest import TestCase from unittest.mock import Mock @@ -221,7 +221,7 @@ class NewSamResource(SamResourceMacro): property_types = {} referable_properties = {"prop1": "resource_type1", "prop2": "resource_type2", "prop3": "resource_type3"} - def to_cloudformation(self, **kwargs: Any) -> List[Any]: + def to_cloudformation(self, **kwargs: Any) -> list[Any]: return [] sam_resource = NewSamResource("SamLogicalId") @@ -245,7 +245,7 @@ class NewSamResource(SamResourceMacro): property_types = {} referable_properties = {"prop1": "resource_type1", "prop2": "resource_type2", "prop3": "resource_type3"} - def to_cloudformation(self, **kwargs: Any) -> List[Any]: + def to_cloudformation(self, **kwargs: Any) -> list[Any]: return [] sam_resource1 = NewSamResource("SamLogicalId1") @@ -274,7 +274,7 @@ class NewSamResource(SamResourceMacro): property_types = {} referable_properties = {"prop1": "foo", "prop2": "bar"} - def to_cloudformation(self, **kwargs: Any) -> List[Any]: + def to_cloudformation(self, **kwargs: Any) -> list[Any]: return [] sam_resource = NewSamResource("SamLogicalId") @@ -292,7 +292,7 @@ class NewSamResource(SamResourceMacro): property_types = {} referable_properties = {} - def to_cloudformation(self, **kwargs: Any) -> List[Any]: + def to_cloudformation(self, **kwargs: Any) -> list[Any]: return [] sam_resource = NewSamResource("SamLogicalId") @@ -309,7 +309,7 @@ class NewSamResource(SamResourceMacro): property_types = {} referable_properties = {"prop1": "resource_type1"} - def to_cloudformation(self, **kwargs: Any) -> List[Any]: + def to_cloudformation(self, **kwargs: Any) -> list[Any]: return [] sam_resource = NewSamResource("SamLogicalId") @@ -326,7 +326,7 @@ class NewSamResource(SamResourceMacro): property_types = {} referable_properties = {"prop1": "resource_type1"} - def to_cloudformation(self, **kwargs: Any) -> List[Any]: + def to_cloudformation(self, **kwargs: Any) -> list[Any]: return [] sam_resource = NewSamResource("SamLogicalId") @@ -420,23 +420,23 @@ def setUp(self): # Test setting properties using BaseModel from samtranslator.internal.schema_source.common class TestSettingProperties(BaseModel): - NestedVar1: Optional[str] = None - NestedVar2: Optional[str] = None + NestedVar1: str | None = None + NestedVar2: str | None = None # Comprehensive schema class for testing using BaseModel from samtranslator.internal.schema_source.common class TestProperties(BaseModel): - ConditionalVar1: Optional[int] = None - ConditionalVar2: Optional[int] = None - ConditionalVar3: Optional[int] = None - ExclusiveVar1: Optional[str] = None - ExclusiveVar2: Optional[str] = None - ExclusiveVar3: Optional[str] = None - InclusiveVar1: Optional[bool] = None - InclusiveVar2: Optional[bool] = None - InclusiveVar3: Optional[bool] = None - NestedSetting1: Optional[TestSettingProperties] = None - NestedSetting2: Optional[TestSettingProperties] = None - NestedSetting3: Optional[TestSettingProperties] = None + ConditionalVar1: int | None = None + ConditionalVar2: int | None = None + ConditionalVar3: int | None = None + ExclusiveVar1: str | None = None + ExclusiveVar2: str | None = None + ExclusiveVar3: str | None = None + InclusiveVar1: bool | None = None + InclusiveVar2: bool | None = None + InclusiveVar3: bool | None = None + NestedSetting1: TestSettingProperties | None = None + NestedSetting2: TestSettingProperties | None = None + NestedSetting3: TestSettingProperties | None = None self.TestProperties = TestProperties self.TestSettingProperties = TestSettingProperties diff --git a/tests/translator/input/api_with_basic_custom_domain.yaml b/tests/translator/input/api_with_basic_custom_domain.yaml index 8e1340ffc7..b26e29eaf0 100644 --- a/tests/translator/input/api_with_basic_custom_domain.yaml +++ b/tests/translator/input/api_with_basic_custom_domain.yaml @@ -5,7 +5,7 @@ Parameters: MyDomainCert: Type: String - Default: another-api-arn + Default: arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert Globals: Api: @@ -59,7 +59,7 @@ Resources: StageName: Prod Domain: DomainName: api-example.com - CertificateArn: my-api-cert-arn + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/my-api-cert EndpointConfiguration: EDGE BasePath: [/get, /fetch] MutualTlsAuthentication: diff --git a/tests/translator/input/api_with_basic_custom_domain_intrinsics.yaml b/tests/translator/input/api_with_basic_custom_domain_intrinsics.yaml index f2350ea834..f2933662dc 100644 --- a/tests/translator/input/api_with_basic_custom_domain_intrinsics.yaml +++ b/tests/translator/input/api_with_basic_custom_domain_intrinsics.yaml @@ -6,7 +6,7 @@ Conditions: Parameters: MyDomainCert: Type: String - Default: another-api-arn + Default: arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert EndpointConf: Type: String diff --git a/tests/translator/input/api_with_basic_custom_domain_intrinsics_http.yaml b/tests/translator/input/api_with_basic_custom_domain_intrinsics_http.yaml index 74016870db..cb85ee5778 100644 --- a/tests/translator/input/api_with_basic_custom_domain_intrinsics_http.yaml +++ b/tests/translator/input/api_with_basic_custom_domain_intrinsics_http.yaml @@ -6,7 +6,7 @@ Conditions: Parameters: MyDomainCert: Type: String - Default: another-api-arn + Default: arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert EndpointConf: Type: String diff --git a/tests/translator/input/api_with_custom_domain_route53.yaml b/tests/translator/input/api_with_custom_domain_route53.yaml index 4bd307e3ea..9b556a0526 100644 --- a/tests/translator/input/api_with_custom_domain_route53.yaml +++ b/tests/translator/input/api_with_custom_domain_route53.yaml @@ -4,7 +4,7 @@ Parameters: Default: example.com ACMCertificateArn: Type: String - Default: cert-arn-in-us-east-1 + Default: arn:aws:acm:us-east-1:123456789012:certificate/abc123 Resources: MyFunction: Type: AWS::Serverless::Function diff --git a/tests/translator/input/api_with_custom_domain_route53_hosted_zone_name.yaml b/tests/translator/input/api_with_custom_domain_route53_hosted_zone_name.yaml index ac40c144fe..0b6b9124b0 100644 --- a/tests/translator/input/api_with_custom_domain_route53_hosted_zone_name.yaml +++ b/tests/translator/input/api_with_custom_domain_route53_hosted_zone_name.yaml @@ -4,7 +4,7 @@ Parameters: Default: example.com ACMCertificateArn: Type: String - Default: cert-arn-in-us-east-1 + Default: arn:aws:acm:us-east-1:123456789012:certificate/abc123 Resources: MyFunction: Type: AWS::Serverless::Function diff --git a/tests/translator/input/api_with_custom_domain_route53_hosted_zone_name_http.yaml b/tests/translator/input/api_with_custom_domain_route53_hosted_zone_name_http.yaml index acd14c7307..72f92d6674 100644 --- a/tests/translator/input/api_with_custom_domain_route53_hosted_zone_name_http.yaml +++ b/tests/translator/input/api_with_custom_domain_route53_hosted_zone_name_http.yaml @@ -4,7 +4,7 @@ Parameters: Default: example.com ACMCertificateArn: Type: String - Default: cert-arn-in-us-east-1 + Default: arn:aws:acm:us-east-1:123456789012:certificate/abc123 Globals: HttpApi: Domain: diff --git a/tests/translator/input/api_with_custom_domain_route53_http.yaml b/tests/translator/input/api_with_custom_domain_route53_http.yaml index f8fbe58aaa..eb4291527c 100644 --- a/tests/translator/input/api_with_custom_domain_route53_http.yaml +++ b/tests/translator/input/api_with_custom_domain_route53_http.yaml @@ -4,7 +4,7 @@ Parameters: Default: example.com ACMCertificateArn: Type: String - Default: cert-arn-in-us-east-1 + Default: arn:aws:acm:us-east-1:123456789012:certificate/abc123 Resources: MyFunction: Type: AWS::Serverless::Function diff --git a/tests/translator/input/api_with_custom_domain_route53_multiple.yaml b/tests/translator/input/api_with_custom_domain_route53_multiple.yaml index 87f22d6cb1..dd5b56a373 100644 --- a/tests/translator/input/api_with_custom_domain_route53_multiple.yaml +++ b/tests/translator/input/api_with_custom_domain_route53_multiple.yaml @@ -18,7 +18,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.one.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -38,7 +38,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.two.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -58,7 +58,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.three.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 diff --git a/tests/translator/input/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.yaml b/tests/translator/input/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.yaml index 9333ec49b3..4ace81fc5e 100644 --- a/tests/translator/input/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.yaml +++ b/tests/translator/input/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.yaml @@ -22,7 +22,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.one.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: !Ref MyHostedZoneId @@ -42,7 +42,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.two.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: !Sub "{{MyHostedZoneId}}" @@ -62,7 +62,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.three.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: !Ref MyHostedZoneId diff --git a/tests/translator/input/api_with_custom_domain_security_policy_edge.yaml b/tests/translator/input/api_with_custom_domain_security_policy_edge.yaml new file mode 100644 index 0000000000..4b4d73aee2 --- /dev/null +++ b/tests/translator/input/api_with_custom_domain_security_policy_edge.yaml @@ -0,0 +1,45 @@ +Parameters: + MyDomainName: + Type: String + MyCertificateArn: + Type: String + HostedZoneId: + Type: String + +Resources: + Api: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + EndpointConfiguration: + Type: EDGE + Domain: + DomainName: !Ref MyDomainName + CertificateArn: !Ref MyCertificateArn + EndpointConfiguration: EDGE + SecurityPolicy: SecurityPolicy_TLS13_2025_EDGE + EndpointAccessMode: STRICT + Route53: + HostedZoneId: !Ref HostedZoneId + DefinitionBody: + swagger: '2.0' + info: + title: MockApi + version: '1.0' + paths: + /get: + get: + responses: + '200': + description: 200 response + x-amazon-apigateway-integration: + type: mock + requestTemplates: + application/json: '{"statusCode": 200}' + responses: + default: + statusCode: '200' + responseTemplates: + application/json: '{"message": "Hello World"}' +Metadata: + SamTransformTest: true diff --git a/tests/translator/input/api_with_custom_domain_security_policy_private.yaml b/tests/translator/input/api_with_custom_domain_security_policy_private.yaml new file mode 100644 index 0000000000..871b640fed --- /dev/null +++ b/tests/translator/input/api_with_custom_domain_security_policy_private.yaml @@ -0,0 +1,78 @@ +Parameters: + MyDomainName: + Type: String + MyCertificateArn: + Type: String + HostedZoneId: + Type: String + VpcEndpointId: + Type: String + VpcEndpointDomainName: + Type: String + VpcEndpointHostedZoneId: + Type: String + +Resources: + Api: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + Auth: + ResourcePolicy: + CustomStatements: + - Effect: Allow + Action: execute-api:Invoke + Resource: + - execute-api:/*/*/* + Principal: '*' + Condition: + StringEquals: + aws:SourceVpce: !Ref VpcEndpointId + EndpointConfiguration: + Type: PRIVATE + VPCEndpointIds: + - !Ref VpcEndpointId + Domain: + DomainName: !Ref MyDomainName + CertificateArn: !Ref MyCertificateArn + EndpointConfiguration: PRIVATE + SecurityPolicy: SecurityPolicy_TLS13_1_3_2025_09 + EndpointAccessMode: STRICT + Route53: + HostedZoneId: !Ref HostedZoneId + VpcEndpointDomainName: !Ref VpcEndpointDomainName + VpcEndpointHostedZoneId: !Ref VpcEndpointHostedZoneId + AccessAssociation: + VpcEndpointId: !Ref VpcEndpointId + Policy: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: '*' + Action: execute-api:Invoke + Resource: execute-api:/*/*/* + Condition: + StringEquals: + aws:SourceVpce: !Ref VpcEndpointId + DefinitionBody: + swagger: '2.0' + info: + title: MockApi + version: '1.0' + paths: + /get: + get: + responses: + '200': + description: 200 response + x-amazon-apigateway-integration: + type: mock + requestTemplates: + application/json: '{"statusCode": 200}' + responses: + default: + statusCode: '200' + responseTemplates: + application/json: '{"message": "Hello World"}' +Metadata: + SamTransformTest: true diff --git a/tests/translator/input/api_with_custom_domain_security_policy_regional.yaml b/tests/translator/input/api_with_custom_domain_security_policy_regional.yaml new file mode 100644 index 0000000000..bbd9d7189d --- /dev/null +++ b/tests/translator/input/api_with_custom_domain_security_policy_regional.yaml @@ -0,0 +1,45 @@ +Parameters: + MyDomainName: + Type: String + MyCertificateArn: + Type: String + HostedZoneId: + Type: String + +Resources: + Api: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + EndpointConfiguration: + Type: REGIONAL + Domain: + DomainName: !Ref MyDomainName + CertificateArn: !Ref MyCertificateArn + EndpointConfiguration: REGIONAL + SecurityPolicy: SecurityPolicy_TLS13_1_3_2025_09 + EndpointAccessMode: STRICT + Route53: + HostedZoneId: !Ref HostedZoneId + DefinitionBody: + swagger: '2.0' + info: + title: MockApi + version: '1.0' + paths: + /get: + get: + responses: + '200': + description: 200 response + x-amazon-apigateway-integration: + type: mock + requestTemplates: + application/json: '{"statusCode": 200}' + responses: + default: + statusCode: '200' + responseTemplates: + application/json: '{"message": "Hello World"}' +Metadata: + SamTransformTest: true diff --git a/tests/translator/input/api_with_custom_domains_private.yaml b/tests/translator/input/api_with_custom_domains_private.yaml index 5f6cb4709d..a8f5c18a5f 100644 --- a/tests/translator/input/api_with_custom_domains_private.yaml +++ b/tests/translator/input/api_with_custom_domains_private.yaml @@ -6,7 +6,7 @@ Parameters: CertificateArn: Type: String - Default: another-api-arn + Default: arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert Description: ARN of the ACM certificate for the domain VpcEndpointId: diff --git a/tests/translator/input/api_with_custom_domains_private_basePath.yaml b/tests/translator/input/api_with_custom_domains_private_basePath.yaml index 9c91ea3184..f5357eb625 100644 --- a/tests/translator/input/api_with_custom_domains_private_basePath.yaml +++ b/tests/translator/input/api_with_custom_domains_private_basePath.yaml @@ -6,7 +6,7 @@ Parameters: CertificateArn: Type: String - Default: another-api-arn + Default: arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert Description: ARN of the ACM certificate for the domain VpcEndpointId: diff --git a/tests/translator/input/api_with_endpoint_access_mode.yaml b/tests/translator/input/api_with_endpoint_access_mode.yaml new file mode 100644 index 0000000000..dbd0e995c9 --- /dev/null +++ b/tests/translator/input/api_with_endpoint_access_mode.yaml @@ -0,0 +1,19 @@ +Globals: + Api: + EndpointAccessMode: BASIC + SecurityPolicy: SecurityPolicy_TLS13_1_3_2025_09 + +Resources: + # Inherits Globals + ApiInheritGlobals: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + + # Top-level overrides Globals + ApiTopLevelOverride: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + EndpointAccessMode: STRICT + SecurityPolicy: SecurityPolicy_TLS13_1_3_2025_09 diff --git a/tests/translator/input/capacity_provider_global_with_functions.yaml b/tests/translator/input/capacity_provider_global_with_functions.yaml index 21b6d7ff9a..55a4999665 100644 --- a/tests/translator/input/capacity_provider_global_with_functions.yaml +++ b/tests/translator/input/capacity_provider_global_with_functions.yaml @@ -48,7 +48,7 @@ Globals: InstanceRequirements: Architectures: - x86_64 - KmsKeyArn: some-kms-arn + KmsKeyArn: arn:aws:kms:us-east-1:123456789012:key/some-kms-key Function: Runtime: python3.12 diff --git a/tests/translator/input/error_api_mtls_configuration_invalid_field.yaml b/tests/translator/input/error_api_mtls_configuration_invalid_field.yaml index 598d27c07b..cdf647b902 100644 --- a/tests/translator/input/error_api_mtls_configuration_invalid_field.yaml +++ b/tests/translator/input/error_api_mtls_configuration_invalid_field.yaml @@ -6,7 +6,7 @@ Resources: StageName: Prod Domain: DomainName: api-example.com - CertificateArn: my-api-cert-arn + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/my-api-cert EndpointConfiguration: EDGE BasePath: [/get, /fetch] MutualTlsAuthentication: diff --git a/tests/translator/input/error_api_mtls_configuration_invalid_type.yaml b/tests/translator/input/error_api_mtls_configuration_invalid_type.yaml index d0f105989f..9957f2522a 100644 --- a/tests/translator/input/error_api_mtls_configuration_invalid_type.yaml +++ b/tests/translator/input/error_api_mtls_configuration_invalid_type.yaml @@ -6,7 +6,7 @@ Resources: StageName: Prod Domain: DomainName: api-example.com - CertificateArn: my-api-cert-arn + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/my-api-cert EndpointConfiguration: EDGE BasePath: [/get, /fetch] MutualTlsAuthentication: diff --git a/tests/translator/input/error_api_with_custom_domains_invalid.yaml b/tests/translator/input/error_api_with_custom_domains_invalid.yaml index 63b7916cfc..878940aefb 100644 --- a/tests/translator/input/error_api_with_custom_domains_invalid.yaml +++ b/tests/translator/input/error_api_with_custom_domains_invalid.yaml @@ -5,7 +5,7 @@ Parameters: MyDomainCert: Type: String - Default: another-api-arn + Default: arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert Globals: Api: @@ -58,7 +58,7 @@ Resources: StageName: Prod Domain: DomainName: api-example.com - CertificateArn: my-api-cert-arn + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/my-api-cert EndpointConfiguration: Invalid BasePath: [/get, /fetch] @@ -85,6 +85,6 @@ Resources: StageName: Prod Domain: DomainName: api-example.com - CertificateArn: my-api-cert-arn + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/my-api-cert BasePath: - 3 # this should not be a number diff --git a/tests/translator/input/error_api_with_custom_domains_route53_invalid.yaml b/tests/translator/input/error_api_with_custom_domains_route53_invalid.yaml index 991611e9db..594c289787 100644 --- a/tests/translator/input/error_api_with_custom_domains_route53_invalid.yaml +++ b/tests/translator/input/error_api_with_custom_domains_route53_invalid.yaml @@ -33,7 +33,7 @@ Resources: StageName: Prod Domain: DomainName: api-example.com - CertificateArn: my-api-cert-arn + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/my-api-cert EndpointConfiguration: EDGE BasePath: [/get, /fetch] Route53: diff --git a/tests/translator/input/error_api_with_custom_domains_route53_invalid_type.yaml b/tests/translator/input/error_api_with_custom_domains_route53_invalid_type.yaml index e160619107..1c1bc0ac30 100644 --- a/tests/translator/input/error_api_with_custom_domains_route53_invalid_type.yaml +++ b/tests/translator/input/error_api_with_custom_domains_route53_invalid_type.yaml @@ -27,7 +27,7 @@ Resources: StageName: Prod Domain: DomainName: api-example.com - CertificateArn: my-api-cert-arn + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/my-api-cert EndpointConfiguration: EDGE BasePath: [/get] Route53: InvalidString diff --git a/tests/translator/input/error_function_codeuri_unresolved_token.yaml b/tests/translator/input/error_function_codeuri_unresolved_token.yaml new file mode 100644 index 0000000000..25c124131e --- /dev/null +++ b/tests/translator/input/error_function_codeuri_unresolved_token.yaml @@ -0,0 +1,14 @@ +Resources: + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.12 + Handler: index.handler + # CDK sometimes synthesizes unresolved Token placeholders like + # "${Token[Bucket.Name.25]}" / "[TOKEN.25]" into string properties. + # Python's urllib validates bracketed-host segments against the IPv6 + # grammar since CVE-2024-11168, so urlparse("s3://[TOKEN.25]/...") + # raises `ValueError: 'TOKEN.25' does not appear to be an IPv4 or IPv6 + # address`. Previously that propagated out of the transform macro as + # the opaque "Internal transform failure" message. + CodeUri: s3://[TOKEN.25]/my/key diff --git a/tests/translator/input/error_function_event_destination_fn_if_malformed.yaml b/tests/translator/input/error_function_event_destination_fn_if_malformed.yaml new file mode 100644 index 0000000000..f6274642ef --- /dev/null +++ b/tests/translator/input/error_function_event_destination_fn_if_malformed.yaml @@ -0,0 +1,31 @@ +Parameters: + IsProd: + Type: String + Default: 'true' + +Conditions: + IsProdCondition: !Equals [!Ref IsProd, 'true'] + +Resources: + MyQueue: + Type: AWS::SQS::Queue + + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.12 + Handler: index.handler + InlineCode: | + def handler(event, context): + return 'hi' + EventInvokeConfig: + MaximumRetryAttempts: 2 + DestinationConfig: + OnSuccess: + Type: SQS + # Malformed Fn::If: only 2 elements instead of [Condition, TrueValue, FalseValue]. + # Previously this crashed the transform with an IndexError in + # _get_or_make_condition, which CloudFormation surfaced as + # "Internal transform failure". It must now raise a user-facing + # InvalidResourceException naming the offending resource. + Destination: !If [IsProdCondition, !GetAtt MyQueue.Arn] diff --git a/tests/translator/input/error_function_role_fn_if_malformed.yaml b/tests/translator/input/error_function_role_fn_if_malformed.yaml new file mode 100644 index 0000000000..497a9d6a11 --- /dev/null +++ b/tests/translator/input/error_function_role_fn_if_malformed.yaml @@ -0,0 +1,32 @@ +Parameters: + IsProd: + Type: String + Default: 'true' + +Conditions: + IsProdCondition: !Equals [!Ref IsProd, 'true'] + +Resources: + ExistingRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: {Service: lambda.amazonaws.com} + Action: sts:AssumeRole + + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.12 + Handler: index.handler + InlineCode: | + def handler(event, context): + return 'hi' + # Malformed Fn::If: only 2 elements instead of [Condition, TrueValue, FalseValue]. + # Previously this crashed the transform with a Python + # `ValueError: not enough values to unpack (expected 3, got 2)`, + # which CloudFormation surfaced as "Internal transform failure". + Role: !If [IsProdCondition, !GetAtt ExistingRole.Arn] diff --git a/tests/translator/input/error_graphqlapi.yaml b/tests/translator/input/error_graphqlapi.yaml index 8b803b5738..5f62a95cae 100644 --- a/tests/translator/input/error_graphqlapi.yaml +++ b/tests/translator/input/error_graphqlapi.yaml @@ -60,7 +60,7 @@ Resources: key1: value1 key2: value2 Logging: - CloudWatchLogsRoleArn: some-arn + CloudWatchLogsRoleArn: arn:aws:iam::123456789012:role/some-role FieldLogLevel: ERROR ExcludeVerboseContent: true NotSupposedToBeHere: yo @@ -137,7 +137,7 @@ Resources: DynamoDb: InternalDataSource: TableName: SomeTable - ServiceRoleArn: SomeRoleArn + ServiceRoleArn: arn:aws:iam::123456789012:role/SomeRole Functions: UnknownDataSource: CodeUri: my-code diff --git a/tests/translator/input/error_separate_route53_recordset_group.yaml b/tests/translator/input/error_separate_route53_recordset_group.yaml index 9be24513fa..fb5ea34eac 100644 --- a/tests/translator/input/error_separate_route53_recordset_group.yaml +++ b/tests/translator/input/error_separate_route53_recordset_group.yaml @@ -31,7 +31,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.one.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -52,7 +52,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.two.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -73,7 +73,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.three.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 diff --git a/tests/translator/input/function_with_alias_and_all_properties_property.yaml b/tests/translator/input/function_with_alias_and_all_properties_property.yaml index 0154aa6030..491699b7c2 100644 --- a/tests/translator/input/function_with_alias_and_all_properties_property.yaml +++ b/tests/translator/input/function_with_alias_and_all_properties_property.yaml @@ -43,7 +43,7 @@ Resources: EphemeralStorage: Size: 1024 Role: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/role1 - KmsKeyArn: !Sub arn:${AWS::Partition}:key:key + KmsKeyArn: !Sub arn:${AWS::Partition}:kms:us-east-1:123456789012:key/my-key FileSystemConfigs: - Arn: !GetAtt AccessPoint.Arn LocalMountPath: /mnt/EFS @@ -73,7 +73,7 @@ Resources: EphemeralStorage: Size: 1024 Role: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/role1 - KmsKeyArn: !Sub arn:${AWS::Partition}:key:key + KmsKeyArn: !Sub arn:${AWS::Partition}:kms:us-east-1:123456789012:key/my-key FileSystemConfigs: - Arn: !GetAtt AccessPoint.Arn LocalMountPath: /mnt/EFS diff --git a/tests/translator/input/function_with_kmskeyarn.yaml b/tests/translator/input/function_with_kmskeyarn.yaml index 345921ba4b..021e6f56e7 100644 --- a/tests/translator/input/function_with_kmskeyarn.yaml +++ b/tests/translator/input/function_with_kmskeyarn.yaml @@ -5,7 +5,7 @@ Resources: CodeUri: s3://sam-demo-bucket/hello.zip Handler: hello.handler Runtime: python2.7 - KmsKeyArn: thisIsaKey + KmsKeyArn: arn:aws:kms:us-east-1:123456789012:key/this-is-a-key FunctionWithReferenceToKeyArn: Type: AWS::Serverless::Function @@ -14,7 +14,9 @@ Resources: Handler: hello.handler Runtime: python2.7 KmsKeyArn: - Ref: myKey + Fn::GetAtt: + - myKey + - Arn myKey: Type: AWS::KMS::Key diff --git a/tests/translator/input/graphqlapi_ddb_datasource_all_properties.yaml b/tests/translator/input/graphqlapi_ddb_datasource_all_properties.yaml index 8cb2cfdfa4..a11f26ac0e 100644 --- a/tests/translator/input/graphqlapi_ddb_datasource_all_properties.yaml +++ b/tests/translator/input/graphqlapi_ddb_datasource_all_properties.yaml @@ -18,7 +18,7 @@ Resources: DynamoDb: MyDataSource: TableName: some-table - ServiceRoleArn: some-arn + ServiceRoleArn: arn:aws:iam::123456789012:role/some-role Name: AwesomeDataSourceName Description: This data source is special to me Region: na-west-2 diff --git a/tests/translator/input/graphqlapi_function_datasource_property.yaml b/tests/translator/input/graphqlapi_function_datasource_property.yaml index b1c50285d6..8d9d9eb66c 100644 --- a/tests/translator/input/graphqlapi_function_datasource_property.yaml +++ b/tests/translator/input/graphqlapi_function_datasource_property.yaml @@ -20,7 +20,7 @@ Resources: DynamoDb: InternalDataSource: TableName: SomeTable - ServiceRoleArn: SomeRoleArn + ServiceRoleArn: arn:aws:iam::123456789012:role/SomeRole Functions: UseInternal: InlineCode: this is my epic code diff --git a/tests/translator/input/graphqlapi_intrinsical_names.yaml b/tests/translator/input/graphqlapi_intrinsical_names.yaml index 4b5ab5fe44..a107241d21 100644 --- a/tests/translator/input/graphqlapi_intrinsical_names.yaml +++ b/tests/translator/input/graphqlapi_intrinsical_names.yaml @@ -45,7 +45,7 @@ Resources: Lambda: MyDataSource: FunctionArn: my-lambda-arn - ServiceRoleArn: some-role-arn + ServiceRoleArn: arn:aws:iam::123456789012:role/some-role Name: !Ref LambdaDSName DynamoDb: DDB1: diff --git a/tests/translator/input/graphqlapi_lambda_and_ddb_datasource.yaml b/tests/translator/input/graphqlapi_lambda_and_ddb_datasource.yaml index 8aca479ea4..8c4c21ebb7 100644 --- a/tests/translator/input/graphqlapi_lambda_and_ddb_datasource.yaml +++ b/tests/translator/input/graphqlapi_lambda_and_ddb_datasource.yaml @@ -18,9 +18,9 @@ Resources: Lambda: MyDataSource: FunctionArn: blah - ServiceRoleArn: my-lambda-role + ServiceRoleArn: arn:aws:iam::123456789012:role/my-lambda-role DynamoDb: MyDataSource: TableName: some-table TableArn: big-arn - ServiceRoleArn: my-ddb-role + ServiceRoleArn: arn:aws:iam::123456789012:role/my-ddb-role diff --git a/tests/translator/input/graphqlapi_logging_defined.yaml b/tests/translator/input/graphqlapi_logging_defined.yaml index 37a3b014ec..66a21dda60 100644 --- a/tests/translator/input/graphqlapi_logging_defined.yaml +++ b/tests/translator/input/graphqlapi_logging_defined.yaml @@ -14,6 +14,6 @@ Resources: key1: value1 key2: value2 Logging: - CloudWatchLogsRoleArn: some-arn + CloudWatchLogsRoleArn: arn:aws:iam::123456789012:role/some-role FieldLogLevel: ERROR ExcludeVerboseContent: true diff --git a/tests/translator/input/graphqlapi_resolver_function_with_lambda_datasource.yaml b/tests/translator/input/graphqlapi_resolver_function_with_lambda_datasource.yaml index 98a77993ec..b08a6dc2d2 100644 --- a/tests/translator/input/graphqlapi_resolver_function_with_lambda_datasource.yaml +++ b/tests/translator/input/graphqlapi_resolver_function_with_lambda_datasource.yaml @@ -18,7 +18,7 @@ Resources: Lambda: MyDataSource: FunctionArn: my-lambda-arn - ServiceRoleArn: some-role-arn + ServiceRoleArn: arn:aws:iam::123456789012:role/some-role Name: PradsLambdaDataSource Description: lambda datasources are nice Resolvers: diff --git a/tests/translator/input/http_api_with_custom_domain_route53_multiple.yaml b/tests/translator/input/http_api_with_custom_domain_route53_multiple.yaml index 299e0ef83a..e659becc78 100644 --- a/tests/translator/input/http_api_with_custom_domain_route53_multiple.yaml +++ b/tests/translator/input/http_api_with_custom_domain_route53_multiple.yaml @@ -4,7 +4,7 @@ Resources: Properties: Domain: DomainName: admin.one.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -14,7 +14,7 @@ Resources: Properties: Domain: DomainName: admin.two.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -24,7 +24,7 @@ Resources: Properties: Domain: DomainName: admin.three.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 diff --git a/tests/translator/input/httpapi_with_propagate_tags.yaml b/tests/translator/input/httpapi_with_propagate_tags.yaml index 797861400d..003ca4e96f 100644 --- a/tests/translator/input/httpapi_with_propagate_tags.yaml +++ b/tests/translator/input/httpapi_with_propagate_tags.yaml @@ -13,7 +13,7 @@ Resources: PropagateTags: true Domain: DomainName: admin.one.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 diff --git a/tests/translator/input/mixed_api_with_custom_domain_route53_multiple.yaml b/tests/translator/input/mixed_api_with_custom_domain_route53_multiple.yaml index 84feb1efa9..2d5f494da6 100644 --- a/tests/translator/input/mixed_api_with_custom_domain_route53_multiple.yaml +++ b/tests/translator/input/mixed_api_with_custom_domain_route53_multiple.yaml @@ -11,7 +11,7 @@ Resources: Properties: Domain: DomainName: admin.one.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -28,7 +28,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.two.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 diff --git a/tests/translator/input/separate_route53_recordset_group.yaml b/tests/translator/input/separate_route53_recordset_group.yaml index 67d323987e..c6c65449b7 100644 --- a/tests/translator/input/separate_route53_recordset_group.yaml +++ b/tests/translator/input/separate_route53_recordset_group.yaml @@ -31,7 +31,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.one.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -52,7 +52,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.two.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -73,7 +73,7 @@ Resources: HttpMethod: '*' Domain: DomainName: admin.three.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 diff --git a/tests/translator/input/websocket_api_domain_globals.yaml b/tests/translator/input/websocket_api_domain_globals.yaml index 24d75aa39e..869c40ea49 100644 --- a/tests/translator/input/websocket_api_domain_globals.yaml +++ b/tests/translator/input/websocket_api_domain_globals.yaml @@ -2,7 +2,7 @@ Globals: WebSocketApi: Domain: DomainName: admin.one.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -33,7 +33,7 @@ Resources: Properties: Domain: DomainName: admin.two.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 diff --git a/tests/translator/input/websocket_api_with_custom_domain_route53_multiple.yaml b/tests/translator/input/websocket_api_with_custom_domain_route53_multiple.yaml index 7b10e0ba11..3a327c7926 100644 --- a/tests/translator/input/websocket_api_with_custom_domain_route53_multiple.yaml +++ b/tests/translator/input/websocket_api_with_custom_domain_route53_multiple.yaml @@ -22,7 +22,7 @@ Resources: Properties: Domain: DomainName: admin.one.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -36,7 +36,7 @@ Resources: Properties: Domain: DomainName: admin.two.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 @@ -50,7 +50,7 @@ Resources: Properties: Domain: DomainName: admin.three.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 diff --git a/tests/translator/input/websocket_api_with_propagate_tags.yaml b/tests/translator/input/websocket_api_with_propagate_tags.yaml index 6c15e4fd26..f4827c5907 100644 --- a/tests/translator/input/websocket_api_with_propagate_tags.yaml +++ b/tests/translator/input/websocket_api_with_propagate_tags.yaml @@ -19,7 +19,7 @@ Resources: Format: $context.requestId Domain: DomainName: admin.one.amazon.com - CertificateArn: arn::cert::abc + CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abc EndpointConfiguration: REGIONAL Route53: HostedZoneId: abc123456 diff --git a/tests/translator/output/api_with_basic_custom_domain.json b/tests/translator/output/api_with_basic_custom_domain.json index 8e22384455..f556d35263 100644 --- a/tests/translator/output/api_with_basic_custom_domain.json +++ b/tests/translator/output/api_with_basic_custom_domain.json @@ -1,7 +1,7 @@ { "Parameters": { "MyDomainCert": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Type": "String" }, "MyDomainName": { @@ -12,7 +12,7 @@ "Resources": { "ApiGatewayDomainName23cdccdf9c": { "Properties": { - "CertificateArn": "my-api-cert-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/my-api-cert", "DomainName": "api-example.com", "EndpointConfiguration": { "Types": [ @@ -35,7 +35,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "another-api-arn" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -81,9 +81,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "MyAnotherApiDeployment48a61be119": { + "MyAnotherApiDeployment6a1584712a": { "Properties": { - "Description": "RestApi deployment id: 48a61be119a247807ea0ef8378e6aa16592f90fa", + "Description": "RestApi deployment id: 6a1584712af350e3e6b97bdb00baa3edce663457", "RestApiId": { "Ref": "MyAnotherApi" } @@ -93,7 +93,7 @@ "MyAnotherApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyAnotherApiDeployment48a61be119" + "Ref": "MyAnotherApiDeployment6a1584712a" }, "RestApiId": { "Ref": "MyAnotherApi" @@ -142,9 +142,9 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeployment347043ff9e": { + "MyApiDeploymentfc18b3402b": { "Properties": { - "Description": "RestApi deployment id: 347043ff9ec72c6ce10317548939c3802eb1dd55", + "Description": "RestApi deployment id: fc18b3402b150e523f8656b5e2fce5f954eb00f3", "RestApiId": { "Ref": "MyApi" } @@ -154,7 +154,7 @@ "MyApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment347043ff9e" + "Ref": "MyApiDeploymentfc18b3402b" }, "RestApiId": { "Ref": "MyApi" @@ -371,9 +371,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ServerlessRestApiDeployment3c44da8ffd": { + "ServerlessRestApiDeployment6629dded88": { "Properties": { - "Description": "RestApi deployment id: 3c44da8ffdf3025dc792391a61590b92e8e2ff48", + "Description": "RestApi deployment id: 6629dded88958f90db94aac6ceea567a84c60d99", "RestApiId": { "Ref": "ServerlessRestApi" }, @@ -384,7 +384,7 @@ "ServerlessRestApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment3c44da8ffd" + "Ref": "ServerlessRestApiDeployment6629dded88" }, "RestApiId": { "Ref": "ServerlessRestApi" diff --git a/tests/translator/output/api_with_basic_custom_domain_intrinsics.json b/tests/translator/output/api_with_basic_custom_domain_intrinsics.json index 69df9e3fc8..759473866a 100644 --- a/tests/translator/output/api_with_basic_custom_domain_intrinsics.json +++ b/tests/translator/output/api_with_basic_custom_domain_intrinsics.json @@ -13,7 +13,7 @@ "Type": "String" }, "MyDomainCert": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Type": "String" }, "MyMTLSUri": { @@ -41,7 +41,7 @@ "TruststoreUri": "another-api-truststore-uri", "TruststoreVersion": "another-api-truststore-version" }, - "RegionalCertificateArn": "another-api-arn", + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "SecurityPolicy": "TLS_1_2" }, "Type": "AWS::ApiGateway::DomainName" @@ -99,10 +99,10 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeployment19c8cf5c63": { + "MyApiDeploymentef17a59556": { "Condition": "C1", "Properties": { - "Description": "RestApi deployment id: 19c8cf5c63090f12c5a96f6f57162495bed446c7", + "Description": "RestApi deployment id: ef17a59556daf8c37498579c31e65d0f4f61ab3f", "RestApiId": { "Ref": "MyApi" } @@ -113,7 +113,7 @@ "Condition": "C1", "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment19c8cf5c63" + "Ref": "MyApiDeploymentef17a59556" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/api_with_basic_custom_domain_intrinsics_http.json b/tests/translator/output/api_with_basic_custom_domain_intrinsics_http.json index 70ca73102d..16ff1a86dc 100644 --- a/tests/translator/output/api_with_basic_custom_domain_intrinsics_http.json +++ b/tests/translator/output/api_with_basic_custom_domain_intrinsics_http.json @@ -13,7 +13,7 @@ "Type": "String" }, "MyDomainCert": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Type": "String" }, "MyMTLSUriHTTP": { @@ -34,7 +34,7 @@ }, "DomainNameConfigurations": [ { - "CertificateArn": "another-api-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "EndpointType": "REGIONAL", "SecurityPolicy": "TLS_1_2" } diff --git a/tests/translator/output/api_with_custom_domain_route53.json b/tests/translator/output/api_with_custom_domain_route53.json index 84632ace2e..281211f68c 100644 --- a/tests/translator/output/api_with_custom_domain_route53.json +++ b/tests/translator/output/api_with_custom_domain_route53.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -12,7 +12,7 @@ "Resources": { "ApiGatewayDomainName0caaf24ab1": { "Properties": { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "DomainName": "example.com", "EndpointConfiguration": { "Types": [ @@ -50,9 +50,9 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeploymentf643ef7f59": { + "MyApiDeploymentd17d08f1ff": { "Properties": { - "Description": "RestApi deployment id: f643ef7f592a69a57638dd25e64dc12d2b4abf2d", + "Description": "RestApi deployment id: d17d08f1ff4d9040cb01d830caba310df8330b77", "RestApiId": { "Ref": "MyApi" } @@ -62,7 +62,7 @@ "MyApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeploymentf643ef7f59" + "Ref": "MyApiDeploymentd17d08f1ff" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/api_with_custom_domain_route53_hosted_zone_name.json b/tests/translator/output/api_with_custom_domain_route53_hosted_zone_name.json index fee579db64..2d5f822d3b 100644 --- a/tests/translator/output/api_with_custom_domain_route53_hosted_zone_name.json +++ b/tests/translator/output/api_with_custom_domain_route53_hosted_zone_name.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -12,7 +12,7 @@ "Resources": { "ApiGatewayDomainName0caaf24ab1": { "Properties": { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "DomainName": "example.com", "EndpointConfiguration": { "Types": [ @@ -50,9 +50,9 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeploymenteb58d7577a": { + "MyApiDeployment69d4a9c956": { "Properties": { - "Description": "RestApi deployment id: eb58d7577a65af049c9c6f10c9d8b286de6b5aeb", + "Description": "RestApi deployment id: 69d4a9c956362df156427c3a8ad0b1983743921f", "RestApiId": { "Ref": "MyApi" } @@ -62,7 +62,7 @@ "MyApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeploymenteb58d7577a" + "Ref": "MyApiDeployment69d4a9c956" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/api_with_custom_domain_route53_hosted_zone_name_http.json b/tests/translator/output/api_with_custom_domain_route53_hosted_zone_name_http.json index ec5284f1db..7a483f8f45 100644 --- a/tests/translator/output/api_with_custom_domain_route53_hosted_zone_name_http.json +++ b/tests/translator/output/api_with_custom_domain_route53_hosted_zone_name_http.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -15,7 +15,7 @@ "DomainName": "example.com", "DomainNameConfigurations": [ { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/api_with_custom_domain_route53_http.json b/tests/translator/output/api_with_custom_domain_route53_http.json index 0384e8af05..f94d8600fe 100644 --- a/tests/translator/output/api_with_custom_domain_route53_http.json +++ b/tests/translator/output/api_with_custom_domain_route53_http.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -15,7 +15,7 @@ "DomainName": "example.com", "DomainNameConfigurations": [ { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/api_with_custom_domain_route53_multiple.json b/tests/translator/output/api_with_custom_domain_route53_multiple.json index 5e64d4738f..18bafd7539 100644 --- a/tests/translator/output/api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/api_with_custom_domain_route53_multiple.json @@ -40,9 +40,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminOneDeploymentdd3f545183": { + "ApiGatewayAdminOneDeployment5f4fcb9347": { "Properties": { - "Description": "RestApi deployment id: dd3f545183668c401e771fd9a377cfeadcf88a35", + "Description": "RestApi deployment id: 5f4fcb9347315a0decaa8f0140aae89cde47f8d1", "RestApiId": { "Ref": "ApiGatewayAdminOne" }, @@ -53,7 +53,7 @@ "ApiGatewayAdminOneProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminOneDeploymentdd3f545183" + "Ref": "ApiGatewayAdminOneDeployment5f4fcb9347" }, "MethodSettings": [ { @@ -108,9 +108,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminThreeDeployment7541e97159": { + "ApiGatewayAdminThreeDeployment30e2eaa7d5": { "Properties": { - "Description": "RestApi deployment id: 7541e971598cffe7cafab030d3fccc687d508f59", + "Description": "RestApi deployment id: 30e2eaa7d590e7a85c5ce8b5eb5926ffa28afc90", "RestApiId": { "Ref": "ApiGatewayAdminThree" }, @@ -121,7 +121,7 @@ "ApiGatewayAdminThreeProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminThreeDeployment7541e97159" + "Ref": "ApiGatewayAdminThreeDeployment30e2eaa7d5" }, "MethodSettings": [ { @@ -176,9 +176,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminTwoDeployment61887a4eed": { + "ApiGatewayAdminTwoDeployment43c6a2ef1d": { "Properties": { - "Description": "RestApi deployment id: 61887a4eed03102402cbaa575b5b1e398b0dc647", + "Description": "RestApi deployment id: 43c6a2ef1d8b1c11ef2beb3f5a006b57a33d8b05", "RestApiId": { "Ref": "ApiGatewayAdminTwo" }, @@ -189,7 +189,7 @@ "ApiGatewayAdminTwoProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminTwoDeployment61887a4eed" + "Ref": "ApiGatewayAdminTwoDeployment43c6a2ef1d" }, "MethodSettings": [ { @@ -214,7 +214,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -226,7 +226,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -238,7 +238,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, diff --git a/tests/translator/output/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json b/tests/translator/output/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json index 087c720574..e2737cc655 100644 --- a/tests/translator/output/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json +++ b/tests/translator/output/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json @@ -45,9 +45,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminOneDeployment066bb1ceae": { + "ApiGatewayAdminOneDeployment90f9e9bb3f": { "Properties": { - "Description": "RestApi deployment id: 066bb1ceaebd0cafae99258bbe7130af8b676372", + "Description": "RestApi deployment id: 90f9e9bb3ff69b4b71008da58841c770681ed84c", "RestApiId": { "Ref": "ApiGatewayAdminOne" }, @@ -58,7 +58,7 @@ "ApiGatewayAdminOneProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminOneDeployment066bb1ceae" + "Ref": "ApiGatewayAdminOneDeployment90f9e9bb3f" }, "MethodSettings": [ { @@ -113,9 +113,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminThreeDeployment169349c1e9": { + "ApiGatewayAdminThreeDeployment127733f946": { "Properties": { - "Description": "RestApi deployment id: 169349c1e96a0f130ee35f7bb9d83b042c386d6f", + "Description": "RestApi deployment id: 127733f94631341b13b3d91531d39f307d0b4700", "RestApiId": { "Ref": "ApiGatewayAdminThree" }, @@ -126,7 +126,7 @@ "ApiGatewayAdminThreeProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminThreeDeployment169349c1e9" + "Ref": "ApiGatewayAdminThreeDeployment127733f946" }, "MethodSettings": [ { @@ -181,9 +181,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminTwoDeploymentca2a75b5dd": { + "ApiGatewayAdminTwoDeployment19f5544fe4": { "Properties": { - "Description": "RestApi deployment id: ca2a75b5dd3713c71543e80f2b6f5aac9538ea9c", + "Description": "RestApi deployment id: 19f5544fe49037ecad607e6d0a584c3a252b6367", "RestApiId": { "Ref": "ApiGatewayAdminTwo" }, @@ -194,7 +194,7 @@ "ApiGatewayAdminTwoProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminTwoDeploymentca2a75b5dd" + "Ref": "ApiGatewayAdminTwoDeployment19f5544fe4" }, "MethodSettings": [ { @@ -219,7 +219,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -231,7 +231,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -243,7 +243,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, diff --git a/tests/translator/output/api_with_custom_domain_security_policy_edge.json b/tests/translator/output/api_with_custom_domain_security_policy_edge.json new file mode 100644 index 0000000000..67b32d5b9b --- /dev/null +++ b/tests/translator/output/api_with_custom_domain_security_policy_edge.json @@ -0,0 +1,142 @@ +{ + "Metadata": { + "SamTransformTest": true + }, + "Parameters": { + "HostedZoneId": { + "Type": "String" + }, + "MyCertificateArn": { + "Type": "String" + }, + "MyDomainName": { + "Type": "String" + } + }, + "Resources": { + "Api": { + "Properties": { + "Body": { + "info": { + "title": "MockApi", + "version": "1.0" + }, + "paths": { + "/get": { + "get": { + "responses": { + "200": { + "description": "200 response" + } + }, + "x-amazon-apigateway-integration": { + "requestTemplates": { + "application/json": "{\"statusCode\": 200}" + }, + "responses": { + "default": { + "responseTemplates": { + "application/json": "{\"message\": \"Hello World\"}" + }, + "statusCode": "200" + } + }, + "type": "mock" + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "EDGE" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "EDGE" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiBasePathMapping": { + "Properties": { + "DomainName": { + "Ref": "ApiGatewayDomainNamee12ae193a4" + }, + "RestApiId": { + "Ref": "Api" + }, + "Stage": { + "Ref": "ApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMapping" + }, + "ApiDeploymentb4212ace49": { + "Properties": { + "Description": "RestApi deployment id: b4212ace4953ed4f1debfa33eda1b29707d537e1", + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayDomainNamee12ae193a4": { + "Properties": { + "CertificateArn": { + "Ref": "MyCertificateArn" + }, + "DomainName": { + "Ref": "MyDomainName" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "EDGE" + ] + }, + "SecurityPolicy": "SecurityPolicy_TLS13_2025_EDGE" + }, + "Type": "AWS::ApiGateway::DomainName" + }, + "ApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiDeploymentb4212ace49" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "RecordSetGroup1194dea82a": { + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneId" + }, + "RecordSets": [ + { + "AliasTarget": { + "DNSName": { + "Fn::GetAtt": [ + "ApiGatewayDomainNamee12ae193a4", + "DistributionDomainName" + ] + }, + "HostedZoneId": "Z2FDTNDATAQYW2" + }, + "Name": { + "Ref": "MyDomainName" + }, + "Type": "A" + } + ] + }, + "Type": "AWS::Route53::RecordSetGroup" + } + } +} diff --git a/tests/translator/output/api_with_custom_domain_security_policy_private.json b/tests/translator/output/api_with_custom_domain_security_policy_private.json new file mode 100644 index 0000000000..163ca73df2 --- /dev/null +++ b/tests/translator/output/api_with_custom_domain_security_policy_private.json @@ -0,0 +1,205 @@ +{ + "Metadata": { + "SamTransformTest": true + }, + "Parameters": { + "HostedZoneId": { + "Type": "String" + }, + "MyCertificateArn": { + "Type": "String" + }, + "MyDomainName": { + "Type": "String" + }, + "VpcEndpointDomainName": { + "Type": "String" + }, + "VpcEndpointHostedZoneId": { + "Type": "String" + }, + "VpcEndpointId": { + "Type": "String" + } + }, + "Resources": { + "Api": { + "Properties": { + "Body": { + "info": { + "title": "MockApi", + "version": "1.0" + }, + "paths": { + "/get": { + "get": { + "responses": { + "200": { + "description": "200 response" + } + }, + "x-amazon-apigateway-integration": { + "requestTemplates": { + "application/json": "{\"statusCode\": 200}" + }, + "responses": { + "default": { + "responseTemplates": { + "application/json": "{\"message\": \"Hello World\"}" + }, + "statusCode": "200" + } + }, + "type": "mock" + } + } + } + }, + "swagger": "2.0", + "x-amazon-apigateway-policy": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Condition": { + "StringEquals": { + "aws:SourceVpce": { + "Ref": "VpcEndpointId" + } + } + }, + "Effect": "Allow", + "Principal": "*", + "Resource": [ + "execute-api:/*/*/*" + ] + } + ], + "Version": "2012-10-17" + } + }, + "EndpointConfiguration": { + "Types": [ + "PRIVATE" + ], + "VpcEndpointIds": [ + { + "Ref": "VpcEndpointId" + } + ] + }, + "Parameters": { + "endpointConfigurationTypes": "PRIVATE" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiBasePathMapping": { + "Properties": { + "DomainNameArn": { + "Ref": "ApiGatewayDomainNameV2e12ae193a4" + }, + "RestApiId": { + "Ref": "Api" + }, + "Stage": { + "Ref": "ApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMappingV2" + }, + "ApiDeployment201b5a52ed": { + "Properties": { + "Description": "RestApi deployment id: 201b5a52ed6f40089c7e4d46db54f63bdd4dd157", + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayDomainNameV2e12ae193a4": { + "Properties": { + "CertificateArn": { + "Ref": "MyCertificateArn" + }, + "DomainName": { + "Ref": "MyDomainName" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "PRIVATE" + ] + }, + "Policy": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Condition": { + "StringEquals": { + "aws:SourceVpce": { + "Ref": "VpcEndpointId" + } + } + }, + "Effect": "Allow", + "Principal": "*", + "Resource": "execute-api:/*/*/*" + } + ], + "Version": "2012-10-17" + }, + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::DomainNameV2" + }, + "ApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiDeployment201b5a52ed" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "DomainNameAccessAssociationf4f910dee7": { + "Properties": { + "AccessAssociationSource": { + "Ref": "VpcEndpointId" + }, + "AccessAssociationSourceType": "VPCE", + "DomainNameArn": { + "Ref": "ApiGatewayDomainNameV2e12ae193a4" + } + }, + "Type": "AWS::ApiGateway::DomainNameAccessAssociation" + }, + "RecordSetGroup1194dea82a": { + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneId" + }, + "RecordSets": [ + { + "AliasTarget": { + "DNSName": { + "Ref": "VpcEndpointDomainName" + }, + "HostedZoneId": { + "Ref": "VpcEndpointHostedZoneId" + } + }, + "Name": { + "Ref": "MyDomainName" + }, + "Type": "A" + } + ] + }, + "Type": "AWS::Route53::RecordSetGroup" + } + } +} diff --git a/tests/translator/output/api_with_custom_domain_security_policy_regional.json b/tests/translator/output/api_with_custom_domain_security_policy_regional.json new file mode 100644 index 0000000000..ca47621511 --- /dev/null +++ b/tests/translator/output/api_with_custom_domain_security_policy_regional.json @@ -0,0 +1,147 @@ +{ + "Metadata": { + "SamTransformTest": true + }, + "Parameters": { + "HostedZoneId": { + "Type": "String" + }, + "MyCertificateArn": { + "Type": "String" + }, + "MyDomainName": { + "Type": "String" + } + }, + "Resources": { + "Api": { + "Properties": { + "Body": { + "info": { + "title": "MockApi", + "version": "1.0" + }, + "paths": { + "/get": { + "get": { + "responses": { + "200": { + "description": "200 response" + } + }, + "x-amazon-apigateway-integration": { + "requestTemplates": { + "application/json": "{\"statusCode\": 200}" + }, + "responses": { + "default": { + "responseTemplates": { + "application/json": "{\"message\": \"Hello World\"}" + }, + "statusCode": "200" + } + }, + "type": "mock" + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiBasePathMapping": { + "Properties": { + "DomainName": { + "Ref": "ApiGatewayDomainNamee12ae193a4" + }, + "RestApiId": { + "Ref": "Api" + }, + "Stage": { + "Ref": "ApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMapping" + }, + "ApiDeployment84a6e2abbb": { + "Properties": { + "Description": "RestApi deployment id: 84a6e2abbbe8b085641de8b944a7dd72a4d01764", + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayDomainNamee12ae193a4": { + "Properties": { + "DomainName": { + "Ref": "MyDomainName" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "RegionalCertificateArn": { + "Ref": "MyCertificateArn" + }, + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::DomainName" + }, + "ApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiDeployment84a6e2abbb" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "RecordSetGroup1194dea82a": { + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneId" + }, + "RecordSets": [ + { + "AliasTarget": { + "DNSName": { + "Fn::GetAtt": [ + "ApiGatewayDomainNamee12ae193a4", + "RegionalDomainName" + ] + }, + "HostedZoneId": { + "Fn::GetAtt": [ + "ApiGatewayDomainNamee12ae193a4", + "RegionalHostedZoneId" + ] + } + }, + "Name": { + "Ref": "MyDomainName" + }, + "Type": "A" + } + ] + }, + "Type": "AWS::Route53::RecordSetGroup" + } + } +} diff --git a/tests/translator/output/api_with_custom_domains_private.json b/tests/translator/output/api_with_custom_domains_private.json index 2e1e715fb3..81e7807af1 100644 --- a/tests/translator/output/api_with_custom_domains_private.json +++ b/tests/translator/output/api_with_custom_domains_private.json @@ -15,7 +15,7 @@ }, "Parameters": { "CertificateArn": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Description": "ARN of the ACM certificate for the domain", "Type": "String" }, @@ -33,7 +33,7 @@ "Resources": { "ApiGatewayDomainNameV27c603ed871": { "Properties": { - "CertificateArn": "another-api-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "DomainName": "private.example.com", "EndpointConfiguration": { "Types": [ @@ -116,9 +116,9 @@ }, "Type": "AWS::ApiGateway::BasePathMappingV2" }, - "MyApiDeployment7c3b13a843": { + "MyApiDeployment3c30770aa3": { "Properties": { - "Description": "RestApi deployment id: 7c3b13a843cdd653d1310c6fd7881e8fe8e49da8", + "Description": "RestApi deployment id: 3c30770aa391b69cb92f7b4a5d5969d6f92ee5b4", "RestApiId": { "Ref": "MyApi" }, @@ -129,7 +129,7 @@ "MyApiprodStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment7c3b13a843" + "Ref": "MyApiDeployment3c30770aa3" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/api_with_custom_domains_private_basePath.json b/tests/translator/output/api_with_custom_domains_private_basePath.json index 2c5ac9eb17..bdc4cdc9f1 100644 --- a/tests/translator/output/api_with_custom_domains_private_basePath.json +++ b/tests/translator/output/api_with_custom_domains_private_basePath.json @@ -15,7 +15,7 @@ }, "Parameters": { "CertificateArn": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Description": "ARN of the ACM certificate for the domain", "Type": "String" }, @@ -33,7 +33,7 @@ "Resources": { "ApiGatewayDomainNameV27c603ed871": { "Properties": { - "CertificateArn": "another-api-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "DomainName": "private.example.com", "EndpointConfiguration": { "Types": [ @@ -117,9 +117,9 @@ }, "Type": "AWS::ApiGateway::BasePathMappingV2" }, - "MyApiDeploymente37f6c9943": { + "MyApiDeployment09c01d5525": { "Properties": { - "Description": "RestApi deployment id: e37f6c9943b5e1213efecf302864c9e775fcf695", + "Description": "RestApi deployment id: 09c01d5525be5534dba547e7bc84bad514d39efa", "RestApiId": { "Ref": "MyApi" }, @@ -145,7 +145,7 @@ "MyApiprodStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeploymente37f6c9943" + "Ref": "MyApiDeployment09c01d5525" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/api_with_endpoint_access_mode.json b/tests/translator/output/api_with_endpoint_access_mode.json new file mode 100644 index 0000000000..c906946b24 --- /dev/null +++ b/tests/translator/output/api_with_endpoint_access_mode.json @@ -0,0 +1,82 @@ +{ + "Resources": { + "ApiInheritGlobals": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": {}, + "swagger": "2.0" + }, + "EndpointAccessMode": "BASIC", + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiInheritGlobalsDeployment5332c373d4": { + "Properties": { + "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", + "RestApiId": { + "Ref": "ApiInheritGlobals" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiInheritGlobalsProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiInheritGlobalsDeployment5332c373d4" + }, + "RestApiId": { + "Ref": "ApiInheritGlobals" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "ApiTopLevelOverride": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": {}, + "swagger": "2.0" + }, + "EndpointAccessMode": "STRICT", + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiTopLevelOverrideDeployment5332c373d4": { + "Properties": { + "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", + "RestApiId": { + "Ref": "ApiTopLevelOverride" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiTopLevelOverrideProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiTopLevelOverrideDeployment5332c373d4" + }, + "RestApiId": { + "Ref": "ApiTopLevelOverride" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + } + } +} diff --git a/tests/translator/output/aws-cn/api_with_basic_custom_domain.json b/tests/translator/output/aws-cn/api_with_basic_custom_domain.json index 1935c13806..69279897f4 100644 --- a/tests/translator/output/aws-cn/api_with_basic_custom_domain.json +++ b/tests/translator/output/aws-cn/api_with_basic_custom_domain.json @@ -1,7 +1,7 @@ { "Parameters": { "MyDomainCert": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Type": "String" }, "MyDomainName": { @@ -12,7 +12,7 @@ "Resources": { "ApiGatewayDomainName23cdccdf9c": { "Properties": { - "CertificateArn": "my-api-cert-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/my-api-cert", "DomainName": "api-example.com", "EndpointConfiguration": { "Types": [ @@ -35,7 +35,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "another-api-arn" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -89,9 +89,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "MyAnotherApiDeployment989ae20f23": { + "MyAnotherApiDeployment3cfc497b28": { "Properties": { - "Description": "RestApi deployment id: 989ae20f23c53c333389afc4e570683e5665c797", + "Description": "RestApi deployment id: 3cfc497b28e6ce997c6b38e7e075d279472a251d", "RestApiId": { "Ref": "MyAnotherApi" } @@ -101,7 +101,7 @@ "MyAnotherApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyAnotherApiDeployment989ae20f23" + "Ref": "MyAnotherApiDeployment3cfc497b28" }, "RestApiId": { "Ref": "MyAnotherApi" @@ -158,9 +158,9 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeployment92d6d51a5e": { + "MyApiDeploymentba363842ba": { "Properties": { - "Description": "RestApi deployment id: 92d6d51a5e324a2836c79d3645d7e678f063037e", + "Description": "RestApi deployment id: ba363842ba3082ecc43b3a2192a1ddcbee7d0d3b", "RestApiId": { "Ref": "MyApi" } @@ -170,7 +170,7 @@ "MyApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment92d6d51a5e" + "Ref": "MyApiDeploymentba363842ba" }, "RestApiId": { "Ref": "MyApi" @@ -395,9 +395,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ServerlessRestApiDeployment6aef2b756e": { + "ServerlessRestApiDeployment3692d3fb7e": { "Properties": { - "Description": "RestApi deployment id: 6aef2b756ee814f8722e71ca5e3f0d187e05aed5", + "Description": "RestApi deployment id: 3692d3fb7e66521c849d5791227bd3a08afc01f9", "RestApiId": { "Ref": "ServerlessRestApi" }, @@ -408,7 +408,7 @@ "ServerlessRestApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment6aef2b756e" + "Ref": "ServerlessRestApiDeployment3692d3fb7e" }, "RestApiId": { "Ref": "ServerlessRestApi" diff --git a/tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics.json b/tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics.json index 2305750398..c178525072 100644 --- a/tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics.json +++ b/tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics.json @@ -13,7 +13,7 @@ "Type": "String" }, "MyDomainCert": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Type": "String" }, "MyMTLSUri": { @@ -41,7 +41,7 @@ "TruststoreUri": "another-api-truststore-uri", "TruststoreVersion": "another-api-truststore-version" }, - "RegionalCertificateArn": "another-api-arn", + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "SecurityPolicy": "TLS_1_2" }, "Type": "AWS::ApiGateway::DomainName" @@ -107,10 +107,10 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeployment4f2c19d290": { + "MyApiDeploymentcfcc371fea": { "Condition": "C1", "Properties": { - "Description": "RestApi deployment id: 4f2c19d290875d88d8e30124f0953f1784e1b54d", + "Description": "RestApi deployment id: cfcc371feadedbdfbcb28f9722fd26bb9cd74421", "RestApiId": { "Ref": "MyApi" } @@ -121,7 +121,7 @@ "Condition": "C1", "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment4f2c19d290" + "Ref": "MyApiDeploymentcfcc371fea" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics_http.json b/tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics_http.json index 61d3d9bc03..20d46f0a10 100644 --- a/tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics_http.json +++ b/tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics_http.json @@ -13,7 +13,7 @@ "Type": "String" }, "MyDomainCert": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Type": "String" }, "MyMTLSUriHTTP": { @@ -34,7 +34,7 @@ }, "DomainNameConfigurations": [ { - "CertificateArn": "another-api-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "EndpointType": "REGIONAL", "SecurityPolicy": "TLS_1_2" } diff --git a/tests/translator/output/aws-cn/api_with_custom_domain_route53.json b/tests/translator/output/aws-cn/api_with_custom_domain_route53.json index 58fb319963..6202015307 100644 --- a/tests/translator/output/aws-cn/api_with_custom_domain_route53.json +++ b/tests/translator/output/aws-cn/api_with_custom_domain_route53.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -12,7 +12,7 @@ "Resources": { "ApiGatewayDomainName0caaf24ab1": { "Properties": { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "DomainName": "example.com", "EndpointConfiguration": { "Types": [ @@ -58,9 +58,9 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeploymentfb330328f1": { + "MyApiDeployment869611ff66": { "Properties": { - "Description": "RestApi deployment id: fb330328f152e4bb4b7d68e8b976b009e0558035", + "Description": "RestApi deployment id: 869611ff66eac2f12f80b45836746ad857549e2c", "RestApiId": { "Ref": "MyApi" } @@ -70,7 +70,7 @@ "MyApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeploymentfb330328f1" + "Ref": "MyApiDeployment869611ff66" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/aws-cn/api_with_custom_domain_route53_hosted_zone_name.json b/tests/translator/output/aws-cn/api_with_custom_domain_route53_hosted_zone_name.json index c5fe451e4a..5e4c5ee90e 100644 --- a/tests/translator/output/aws-cn/api_with_custom_domain_route53_hosted_zone_name.json +++ b/tests/translator/output/aws-cn/api_with_custom_domain_route53_hosted_zone_name.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -12,7 +12,7 @@ "Resources": { "ApiGatewayDomainName0caaf24ab1": { "Properties": { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "DomainName": "example.com", "EndpointConfiguration": { "Types": [ @@ -58,9 +58,9 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeployment9239fa9a13": { + "MyApiDeployment2d4a76c7f1": { "Properties": { - "Description": "RestApi deployment id: 9239fa9a13216200ab5bf11c04507c61842a50a7", + "Description": "RestApi deployment id: 2d4a76c7f1effeb714d617714430e1983675accb", "RestApiId": { "Ref": "MyApi" } @@ -70,7 +70,7 @@ "MyApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment9239fa9a13" + "Ref": "MyApiDeployment2d4a76c7f1" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/aws-cn/api_with_custom_domain_route53_hosted_zone_name_http.json b/tests/translator/output/aws-cn/api_with_custom_domain_route53_hosted_zone_name_http.json index 98895e4b3e..3bd76c9e56 100644 --- a/tests/translator/output/aws-cn/api_with_custom_domain_route53_hosted_zone_name_http.json +++ b/tests/translator/output/aws-cn/api_with_custom_domain_route53_hosted_zone_name_http.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -15,7 +15,7 @@ "DomainName": "example.com", "DomainNameConfigurations": [ { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-cn/api_with_custom_domain_route53_http.json b/tests/translator/output/aws-cn/api_with_custom_domain_route53_http.json index 871cb5c974..79b9f1c6de 100644 --- a/tests/translator/output/aws-cn/api_with_custom_domain_route53_http.json +++ b/tests/translator/output/aws-cn/api_with_custom_domain_route53_http.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -15,7 +15,7 @@ "DomainName": "example.com", "DomainNameConfigurations": [ { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-cn/api_with_custom_domain_route53_multiple.json b/tests/translator/output/aws-cn/api_with_custom_domain_route53_multiple.json index 5e64d4738f..18bafd7539 100644 --- a/tests/translator/output/aws-cn/api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/aws-cn/api_with_custom_domain_route53_multiple.json @@ -40,9 +40,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminOneDeploymentdd3f545183": { + "ApiGatewayAdminOneDeployment5f4fcb9347": { "Properties": { - "Description": "RestApi deployment id: dd3f545183668c401e771fd9a377cfeadcf88a35", + "Description": "RestApi deployment id: 5f4fcb9347315a0decaa8f0140aae89cde47f8d1", "RestApiId": { "Ref": "ApiGatewayAdminOne" }, @@ -53,7 +53,7 @@ "ApiGatewayAdminOneProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminOneDeploymentdd3f545183" + "Ref": "ApiGatewayAdminOneDeployment5f4fcb9347" }, "MethodSettings": [ { @@ -108,9 +108,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminThreeDeployment7541e97159": { + "ApiGatewayAdminThreeDeployment30e2eaa7d5": { "Properties": { - "Description": "RestApi deployment id: 7541e971598cffe7cafab030d3fccc687d508f59", + "Description": "RestApi deployment id: 30e2eaa7d590e7a85c5ce8b5eb5926ffa28afc90", "RestApiId": { "Ref": "ApiGatewayAdminThree" }, @@ -121,7 +121,7 @@ "ApiGatewayAdminThreeProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminThreeDeployment7541e97159" + "Ref": "ApiGatewayAdminThreeDeployment30e2eaa7d5" }, "MethodSettings": [ { @@ -176,9 +176,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminTwoDeployment61887a4eed": { + "ApiGatewayAdminTwoDeployment43c6a2ef1d": { "Properties": { - "Description": "RestApi deployment id: 61887a4eed03102402cbaa575b5b1e398b0dc647", + "Description": "RestApi deployment id: 43c6a2ef1d8b1c11ef2beb3f5a006b57a33d8b05", "RestApiId": { "Ref": "ApiGatewayAdminTwo" }, @@ -189,7 +189,7 @@ "ApiGatewayAdminTwoProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminTwoDeployment61887a4eed" + "Ref": "ApiGatewayAdminTwoDeployment43c6a2ef1d" }, "MethodSettings": [ { @@ -214,7 +214,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -226,7 +226,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -238,7 +238,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, diff --git a/tests/translator/output/aws-cn/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json b/tests/translator/output/aws-cn/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json index 087c720574..e2737cc655 100644 --- a/tests/translator/output/aws-cn/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json +++ b/tests/translator/output/aws-cn/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json @@ -45,9 +45,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminOneDeployment066bb1ceae": { + "ApiGatewayAdminOneDeployment90f9e9bb3f": { "Properties": { - "Description": "RestApi deployment id: 066bb1ceaebd0cafae99258bbe7130af8b676372", + "Description": "RestApi deployment id: 90f9e9bb3ff69b4b71008da58841c770681ed84c", "RestApiId": { "Ref": "ApiGatewayAdminOne" }, @@ -58,7 +58,7 @@ "ApiGatewayAdminOneProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminOneDeployment066bb1ceae" + "Ref": "ApiGatewayAdminOneDeployment90f9e9bb3f" }, "MethodSettings": [ { @@ -113,9 +113,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminThreeDeployment169349c1e9": { + "ApiGatewayAdminThreeDeployment127733f946": { "Properties": { - "Description": "RestApi deployment id: 169349c1e96a0f130ee35f7bb9d83b042c386d6f", + "Description": "RestApi deployment id: 127733f94631341b13b3d91531d39f307d0b4700", "RestApiId": { "Ref": "ApiGatewayAdminThree" }, @@ -126,7 +126,7 @@ "ApiGatewayAdminThreeProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminThreeDeployment169349c1e9" + "Ref": "ApiGatewayAdminThreeDeployment127733f946" }, "MethodSettings": [ { @@ -181,9 +181,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminTwoDeploymentca2a75b5dd": { + "ApiGatewayAdminTwoDeployment19f5544fe4": { "Properties": { - "Description": "RestApi deployment id: ca2a75b5dd3713c71543e80f2b6f5aac9538ea9c", + "Description": "RestApi deployment id: 19f5544fe49037ecad607e6d0a584c3a252b6367", "RestApiId": { "Ref": "ApiGatewayAdminTwo" }, @@ -194,7 +194,7 @@ "ApiGatewayAdminTwoProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminTwoDeploymentca2a75b5dd" + "Ref": "ApiGatewayAdminTwoDeployment19f5544fe4" }, "MethodSettings": [ { @@ -219,7 +219,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -231,7 +231,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -243,7 +243,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, diff --git a/tests/translator/output/aws-cn/api_with_custom_domain_security_policy_edge.json b/tests/translator/output/aws-cn/api_with_custom_domain_security_policy_edge.json new file mode 100644 index 0000000000..67b32d5b9b --- /dev/null +++ b/tests/translator/output/aws-cn/api_with_custom_domain_security_policy_edge.json @@ -0,0 +1,142 @@ +{ + "Metadata": { + "SamTransformTest": true + }, + "Parameters": { + "HostedZoneId": { + "Type": "String" + }, + "MyCertificateArn": { + "Type": "String" + }, + "MyDomainName": { + "Type": "String" + } + }, + "Resources": { + "Api": { + "Properties": { + "Body": { + "info": { + "title": "MockApi", + "version": "1.0" + }, + "paths": { + "/get": { + "get": { + "responses": { + "200": { + "description": "200 response" + } + }, + "x-amazon-apigateway-integration": { + "requestTemplates": { + "application/json": "{\"statusCode\": 200}" + }, + "responses": { + "default": { + "responseTemplates": { + "application/json": "{\"message\": \"Hello World\"}" + }, + "statusCode": "200" + } + }, + "type": "mock" + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "EDGE" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "EDGE" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiBasePathMapping": { + "Properties": { + "DomainName": { + "Ref": "ApiGatewayDomainNamee12ae193a4" + }, + "RestApiId": { + "Ref": "Api" + }, + "Stage": { + "Ref": "ApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMapping" + }, + "ApiDeploymentb4212ace49": { + "Properties": { + "Description": "RestApi deployment id: b4212ace4953ed4f1debfa33eda1b29707d537e1", + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayDomainNamee12ae193a4": { + "Properties": { + "CertificateArn": { + "Ref": "MyCertificateArn" + }, + "DomainName": { + "Ref": "MyDomainName" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "EDGE" + ] + }, + "SecurityPolicy": "SecurityPolicy_TLS13_2025_EDGE" + }, + "Type": "AWS::ApiGateway::DomainName" + }, + "ApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiDeploymentb4212ace49" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "RecordSetGroup1194dea82a": { + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneId" + }, + "RecordSets": [ + { + "AliasTarget": { + "DNSName": { + "Fn::GetAtt": [ + "ApiGatewayDomainNamee12ae193a4", + "DistributionDomainName" + ] + }, + "HostedZoneId": "Z2FDTNDATAQYW2" + }, + "Name": { + "Ref": "MyDomainName" + }, + "Type": "A" + } + ] + }, + "Type": "AWS::Route53::RecordSetGroup" + } + } +} diff --git a/tests/translator/output/aws-cn/api_with_custom_domain_security_policy_private.json b/tests/translator/output/aws-cn/api_with_custom_domain_security_policy_private.json new file mode 100644 index 0000000000..163ca73df2 --- /dev/null +++ b/tests/translator/output/aws-cn/api_with_custom_domain_security_policy_private.json @@ -0,0 +1,205 @@ +{ + "Metadata": { + "SamTransformTest": true + }, + "Parameters": { + "HostedZoneId": { + "Type": "String" + }, + "MyCertificateArn": { + "Type": "String" + }, + "MyDomainName": { + "Type": "String" + }, + "VpcEndpointDomainName": { + "Type": "String" + }, + "VpcEndpointHostedZoneId": { + "Type": "String" + }, + "VpcEndpointId": { + "Type": "String" + } + }, + "Resources": { + "Api": { + "Properties": { + "Body": { + "info": { + "title": "MockApi", + "version": "1.0" + }, + "paths": { + "/get": { + "get": { + "responses": { + "200": { + "description": "200 response" + } + }, + "x-amazon-apigateway-integration": { + "requestTemplates": { + "application/json": "{\"statusCode\": 200}" + }, + "responses": { + "default": { + "responseTemplates": { + "application/json": "{\"message\": \"Hello World\"}" + }, + "statusCode": "200" + } + }, + "type": "mock" + } + } + } + }, + "swagger": "2.0", + "x-amazon-apigateway-policy": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Condition": { + "StringEquals": { + "aws:SourceVpce": { + "Ref": "VpcEndpointId" + } + } + }, + "Effect": "Allow", + "Principal": "*", + "Resource": [ + "execute-api:/*/*/*" + ] + } + ], + "Version": "2012-10-17" + } + }, + "EndpointConfiguration": { + "Types": [ + "PRIVATE" + ], + "VpcEndpointIds": [ + { + "Ref": "VpcEndpointId" + } + ] + }, + "Parameters": { + "endpointConfigurationTypes": "PRIVATE" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiBasePathMapping": { + "Properties": { + "DomainNameArn": { + "Ref": "ApiGatewayDomainNameV2e12ae193a4" + }, + "RestApiId": { + "Ref": "Api" + }, + "Stage": { + "Ref": "ApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMappingV2" + }, + "ApiDeployment201b5a52ed": { + "Properties": { + "Description": "RestApi deployment id: 201b5a52ed6f40089c7e4d46db54f63bdd4dd157", + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayDomainNameV2e12ae193a4": { + "Properties": { + "CertificateArn": { + "Ref": "MyCertificateArn" + }, + "DomainName": { + "Ref": "MyDomainName" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "PRIVATE" + ] + }, + "Policy": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Condition": { + "StringEquals": { + "aws:SourceVpce": { + "Ref": "VpcEndpointId" + } + } + }, + "Effect": "Allow", + "Principal": "*", + "Resource": "execute-api:/*/*/*" + } + ], + "Version": "2012-10-17" + }, + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::DomainNameV2" + }, + "ApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiDeployment201b5a52ed" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "DomainNameAccessAssociationf4f910dee7": { + "Properties": { + "AccessAssociationSource": { + "Ref": "VpcEndpointId" + }, + "AccessAssociationSourceType": "VPCE", + "DomainNameArn": { + "Ref": "ApiGatewayDomainNameV2e12ae193a4" + } + }, + "Type": "AWS::ApiGateway::DomainNameAccessAssociation" + }, + "RecordSetGroup1194dea82a": { + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneId" + }, + "RecordSets": [ + { + "AliasTarget": { + "DNSName": { + "Ref": "VpcEndpointDomainName" + }, + "HostedZoneId": { + "Ref": "VpcEndpointHostedZoneId" + } + }, + "Name": { + "Ref": "MyDomainName" + }, + "Type": "A" + } + ] + }, + "Type": "AWS::Route53::RecordSetGroup" + } + } +} diff --git a/tests/translator/output/aws-cn/api_with_custom_domain_security_policy_regional.json b/tests/translator/output/aws-cn/api_with_custom_domain_security_policy_regional.json new file mode 100644 index 0000000000..ca47621511 --- /dev/null +++ b/tests/translator/output/aws-cn/api_with_custom_domain_security_policy_regional.json @@ -0,0 +1,147 @@ +{ + "Metadata": { + "SamTransformTest": true + }, + "Parameters": { + "HostedZoneId": { + "Type": "String" + }, + "MyCertificateArn": { + "Type": "String" + }, + "MyDomainName": { + "Type": "String" + } + }, + "Resources": { + "Api": { + "Properties": { + "Body": { + "info": { + "title": "MockApi", + "version": "1.0" + }, + "paths": { + "/get": { + "get": { + "responses": { + "200": { + "description": "200 response" + } + }, + "x-amazon-apigateway-integration": { + "requestTemplates": { + "application/json": "{\"statusCode\": 200}" + }, + "responses": { + "default": { + "responseTemplates": { + "application/json": "{\"message\": \"Hello World\"}" + }, + "statusCode": "200" + } + }, + "type": "mock" + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiBasePathMapping": { + "Properties": { + "DomainName": { + "Ref": "ApiGatewayDomainNamee12ae193a4" + }, + "RestApiId": { + "Ref": "Api" + }, + "Stage": { + "Ref": "ApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMapping" + }, + "ApiDeployment84a6e2abbb": { + "Properties": { + "Description": "RestApi deployment id: 84a6e2abbbe8b085641de8b944a7dd72a4d01764", + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayDomainNamee12ae193a4": { + "Properties": { + "DomainName": { + "Ref": "MyDomainName" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "RegionalCertificateArn": { + "Ref": "MyCertificateArn" + }, + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::DomainName" + }, + "ApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiDeployment84a6e2abbb" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "RecordSetGroup1194dea82a": { + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneId" + }, + "RecordSets": [ + { + "AliasTarget": { + "DNSName": { + "Fn::GetAtt": [ + "ApiGatewayDomainNamee12ae193a4", + "RegionalDomainName" + ] + }, + "HostedZoneId": { + "Fn::GetAtt": [ + "ApiGatewayDomainNamee12ae193a4", + "RegionalHostedZoneId" + ] + } + }, + "Name": { + "Ref": "MyDomainName" + }, + "Type": "A" + } + ] + }, + "Type": "AWS::Route53::RecordSetGroup" + } + } +} diff --git a/tests/translator/output/aws-cn/api_with_custom_domains_private.json b/tests/translator/output/aws-cn/api_with_custom_domains_private.json index 9aab6c8b98..a614f75a18 100644 --- a/tests/translator/output/aws-cn/api_with_custom_domains_private.json +++ b/tests/translator/output/aws-cn/api_with_custom_domains_private.json @@ -15,7 +15,7 @@ }, "Parameters": { "CertificateArn": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Description": "ARN of the ACM certificate for the domain", "Type": "String" }, @@ -33,7 +33,7 @@ "Resources": { "ApiGatewayDomainNameV27c603ed871": { "Properties": { - "CertificateArn": "another-api-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "DomainName": "private.example.com", "EndpointConfiguration": { "Types": [ @@ -124,9 +124,9 @@ }, "Type": "AWS::ApiGateway::BasePathMappingV2" }, - "MyApiDeployment7c3b13a843": { + "MyApiDeployment3c30770aa3": { "Properties": { - "Description": "RestApi deployment id: 7c3b13a843cdd653d1310c6fd7881e8fe8e49da8", + "Description": "RestApi deployment id: 3c30770aa391b69cb92f7b4a5d5969d6f92ee5b4", "RestApiId": { "Ref": "MyApi" }, @@ -137,7 +137,7 @@ "MyApiprodStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment7c3b13a843" + "Ref": "MyApiDeployment3c30770aa3" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/aws-cn/api_with_custom_domains_private_basePath.json b/tests/translator/output/aws-cn/api_with_custom_domains_private_basePath.json index befafd072e..89e9daef7d 100644 --- a/tests/translator/output/aws-cn/api_with_custom_domains_private_basePath.json +++ b/tests/translator/output/aws-cn/api_with_custom_domains_private_basePath.json @@ -15,7 +15,7 @@ }, "Parameters": { "CertificateArn": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Description": "ARN of the ACM certificate for the domain", "Type": "String" }, @@ -33,7 +33,7 @@ "Resources": { "ApiGatewayDomainNameV27c603ed871": { "Properties": { - "CertificateArn": "another-api-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "DomainName": "private.example.com", "EndpointConfiguration": { "Types": [ @@ -125,9 +125,9 @@ }, "Type": "AWS::ApiGateway::BasePathMappingV2" }, - "MyApiDeploymente37f6c9943": { + "MyApiDeployment09c01d5525": { "Properties": { - "Description": "RestApi deployment id: e37f6c9943b5e1213efecf302864c9e775fcf695", + "Description": "RestApi deployment id: 09c01d5525be5534dba547e7bc84bad514d39efa", "RestApiId": { "Ref": "MyApi" }, @@ -153,7 +153,7 @@ "MyApiprodStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeploymente37f6c9943" + "Ref": "MyApiDeployment09c01d5525" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/aws-cn/api_with_endpoint_access_mode.json b/tests/translator/output/aws-cn/api_with_endpoint_access_mode.json new file mode 100644 index 0000000000..f0c892e72a --- /dev/null +++ b/tests/translator/output/aws-cn/api_with_endpoint_access_mode.json @@ -0,0 +1,98 @@ +{ + "Resources": { + "ApiInheritGlobals": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": {}, + "swagger": "2.0" + }, + "EndpointAccessMode": "BASIC", + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiInheritGlobalsDeployment5332c373d4": { + "Properties": { + "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", + "RestApiId": { + "Ref": "ApiInheritGlobals" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiInheritGlobalsProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiInheritGlobalsDeployment5332c373d4" + }, + "RestApiId": { + "Ref": "ApiInheritGlobals" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "ApiTopLevelOverride": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": {}, + "swagger": "2.0" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiTopLevelOverrideDeployment5332c373d4": { + "Properties": { + "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", + "RestApiId": { + "Ref": "ApiTopLevelOverride" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiTopLevelOverrideProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiTopLevelOverrideDeployment5332c373d4" + }, + "RestApiId": { + "Ref": "ApiTopLevelOverride" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + } + } +} diff --git a/tests/translator/output/aws-cn/capacity_provider_global_with_functions.json b/tests/translator/output/aws-cn/capacity_provider_global_with_functions.json index 7014b43d26..cb8ad07016 100644 --- a/tests/translator/output/aws-cn/capacity_provider_global_with_functions.json +++ b/tests/translator/output/aws-cn/capacity_provider_global_with_functions.json @@ -224,7 +224,7 @@ "t2.small" ] }, - "KmsKeyArn": "some-kms-arn", + "KmsKeyArn": "arn:aws:kms:us-east-1:123456789012:key/some-kms-key", "PermissionsConfig": { "CapacityProviderOperatorRoleArn": { "Fn::GetAtt": [ diff --git a/tests/translator/output/aws-cn/function_with_alias_and_all_properties_property.json b/tests/translator/output/aws-cn/function_with_alias_and_all_properties_property.json index e1666ffa4c..8d76f32167 100644 --- a/tests/translator/output/aws-cn/function_with_alias_and_all_properties_property.json +++ b/tests/translator/output/aws-cn/function_with_alias_and_all_properties_property.json @@ -36,7 +36,7 @@ ], "Handler": "hello.handler", "KmsKeyArn": { - "Fn::Sub": "arn:${AWS::Partition}:key:key" + "Fn::Sub": "arn:${AWS::Partition}:kms:us-east-1:123456789012:key/my-key" }, "Layers": [ { @@ -74,7 +74,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "HashChangeFunctionVersiona1a9d4d1e4", + "HashChangeFunctionVersioncfc41a568e", "Version" ] }, @@ -82,7 +82,7 @@ }, "Type": "AWS::Lambda::Alias" }, - "HashChangeFunctionVersiona1a9d4d1e4": { + "HashChangeFunctionVersioncfc41a568e": { "DeletionPolicy": "Retain", "Properties": { "Description": "sam-testing", @@ -117,7 +117,7 @@ ], "Handler": "hello.handler", "KmsKeyArn": { - "Fn::Sub": "arn:${AWS::Partition}:key:key" + "Fn::Sub": "arn:${AWS::Partition}:kms:us-east-1:123456789012:key/my-key" }, "Layers": [ { diff --git a/tests/translator/output/aws-cn/function_with_kmskeyarn.json b/tests/translator/output/aws-cn/function_with_kmskeyarn.json index ee55a42ee4..bf4f595abe 100644 --- a/tests/translator/output/aws-cn/function_with_kmskeyarn.json +++ b/tests/translator/output/aws-cn/function_with_kmskeyarn.json @@ -7,7 +7,7 @@ "S3Key": "hello.zip" }, "Handler": "hello.handler", - "KmsKeyArn": "thisIsaKey", + "KmsKeyArn": "arn:aws:kms:us-east-1:123456789012:key/this-is-a-key", "Role": { "Fn::GetAtt": [ "FunctionWithKeyArnRole", @@ -62,7 +62,10 @@ }, "Handler": "hello.handler", "KmsKeyArn": { - "Ref": "myKey" + "Fn::GetAtt": [ + "myKey", + "Arn" + ] }, "Role": { "Fn::GetAtt": [ diff --git a/tests/translator/output/aws-cn/graphqlapi_ddb_datasource_all_properties.json b/tests/translator/output/aws-cn/graphqlapi_ddb_datasource_all_properties.json index bc0d10ac94..7b2f73d75a 100644 --- a/tests/translator/output/aws-cn/graphqlapi_ddb_datasource_all_properties.json +++ b/tests/translator/output/aws-cn/graphqlapi_ddb_datasource_all_properties.json @@ -78,7 +78,7 @@ "Versioned": true }, "Name": "AwesomeDataSourceName", - "ServiceRoleArn": "some-arn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/some-role", "Type": "AMAZON_DYNAMODB" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/aws-cn/graphqlapi_function_datasource_property.json b/tests/translator/output/aws-cn/graphqlapi_function_datasource_property.json index e5ded1b2c0..1ba3832c38 100644 --- a/tests/translator/output/aws-cn/graphqlapi_function_datasource_property.json +++ b/tests/translator/output/aws-cn/graphqlapi_function_datasource_property.json @@ -85,7 +85,7 @@ "TableName": "SomeTable" }, "Name": "InternalDataSource", - "ServiceRoleArn": "SomeRoleArn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/SomeRole", "Type": "AMAZON_DYNAMODB" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/aws-cn/graphqlapi_intrinsical_names.json b/tests/translator/output/aws-cn/graphqlapi_intrinsical_names.json index ce9b4f125f..a890157add 100644 --- a/tests/translator/output/aws-cn/graphqlapi_intrinsical_names.json +++ b/tests/translator/output/aws-cn/graphqlapi_intrinsical_names.json @@ -259,7 +259,7 @@ "Name": { "Ref": "LambdaDSName" }, - "ServiceRoleArn": "some-role-arn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/some-role", "Type": "AWS_LAMBDA" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/aws-cn/graphqlapi_lambda_and_ddb_datasource.json b/tests/translator/output/aws-cn/graphqlapi_lambda_and_ddb_datasource.json index 0ba7d5503d..ac552f9166 100644 --- a/tests/translator/output/aws-cn/graphqlapi_lambda_and_ddb_datasource.json +++ b/tests/translator/output/aws-cn/graphqlapi_lambda_and_ddb_datasource.json @@ -72,7 +72,7 @@ "TableName": "some-table" }, "Name": "MyDataSource", - "ServiceRoleArn": "my-ddb-role", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/my-ddb-role", "Type": "AMAZON_DYNAMODB" }, "Type": "AWS::AppSync::DataSource" @@ -89,7 +89,7 @@ "LambdaFunctionArn": "blah" }, "Name": "MyDataSource", - "ServiceRoleArn": "my-lambda-role", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/my-lambda-role", "Type": "AWS_LAMBDA" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/aws-cn/graphqlapi_logging_defined.json b/tests/translator/output/aws-cn/graphqlapi_logging_defined.json index b1457a95b3..5e3cdb0f4a 100644 --- a/tests/translator/output/aws-cn/graphqlapi_logging_defined.json +++ b/tests/translator/output/aws-cn/graphqlapi_logging_defined.json @@ -4,7 +4,7 @@ "Properties": { "AuthenticationType": "AWS_IAM", "LogConfig": { - "CloudWatchLogsRoleArn": "some-arn", + "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/some-role", "ExcludeVerboseContent": true, "FieldLogLevel": "ERROR" }, diff --git a/tests/translator/output/aws-cn/graphqlapi_resolver_function_with_lambda_datasource.json b/tests/translator/output/aws-cn/graphqlapi_resolver_function_with_lambda_datasource.json index c6021bf371..d9750db0da 100644 --- a/tests/translator/output/aws-cn/graphqlapi_resolver_function_with_lambda_datasource.json +++ b/tests/translator/output/aws-cn/graphqlapi_resolver_function_with_lambda_datasource.json @@ -150,7 +150,7 @@ "LambdaFunctionArn": "my-lambda-arn" }, "Name": "PradsLambdaDataSource", - "ServiceRoleArn": "some-role-arn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/some-role", "Type": "AWS_LAMBDA" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/aws-cn/http_api_with_custom_domain_route53_multiple.json b/tests/translator/output/aws-cn/http_api_with_custom_domain_route53_multiple.json index 4027452a35..cf13665905 100644 --- a/tests/translator/output/aws-cn/http_api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/aws-cn/http_api_with_custom_domain_route53_multiple.json @@ -5,7 +5,7 @@ "DomainName": "admin.two.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -20,7 +20,7 @@ "DomainName": "admin.three.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -35,7 +35,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-cn/httpapi_with_propagate_tags.json b/tests/translator/output/aws-cn/httpapi_with_propagate_tags.json index 750e4c43e3..177ae4c947 100644 --- a/tests/translator/output/aws-cn/httpapi_with_propagate_tags.json +++ b/tests/translator/output/aws-cn/httpapi_with_propagate_tags.json @@ -5,7 +5,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-cn/mixed_api_with_custom_domain_route53_multiple.json b/tests/translator/output/aws-cn/mixed_api_with_custom_domain_route53_multiple.json index d9a5bb35ac..dcab2ea673 100644 --- a/tests/translator/output/aws-cn/mixed_api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/aws-cn/mixed_api_with_custom_domain_route53_multiple.json @@ -10,7 +10,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -19,7 +19,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -115,9 +115,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "MyRestApiDeployment61887a4eed": { + "MyRestApiDeployment43c6a2ef1d": { "Properties": { - "Description": "RestApi deployment id: 61887a4eed03102402cbaa575b5b1e398b0dc647", + "Description": "RestApi deployment id: 43c6a2ef1d8b1c11ef2beb3f5a006b57a33d8b05", "RestApiId": { "Ref": "MyRestApi" }, @@ -128,7 +128,7 @@ "MyRestApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyRestApiDeployment61887a4eed" + "Ref": "MyRestApiDeployment43c6a2ef1d" }, "MethodSettings": [ { diff --git a/tests/translator/output/aws-cn/separate_route53_recordset_group.json b/tests/translator/output/aws-cn/separate_route53_recordset_group.json index 5575d8d714..dc0b636120 100644 --- a/tests/translator/output/aws-cn/separate_route53_recordset_group.json +++ b/tests/translator/output/aws-cn/separate_route53_recordset_group.json @@ -62,9 +62,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminOneDeploymentdd3f545183": { + "ApiGatewayAdminOneDeployment5f4fcb9347": { "Properties": { - "Description": "RestApi deployment id: dd3f545183668c401e771fd9a377cfeadcf88a35", + "Description": "RestApi deployment id: 5f4fcb9347315a0decaa8f0140aae89cde47f8d1", "RestApiId": { "Ref": "ApiGatewayAdminOne" }, @@ -75,7 +75,7 @@ "ApiGatewayAdminOneProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminOneDeploymentdd3f545183" + "Ref": "ApiGatewayAdminOneDeployment5f4fcb9347" }, "MethodSettings": [ { @@ -130,9 +130,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminThreeDeploymentc2e9ae5463": { + "ApiGatewayAdminThreeDeployment6688e0289c": { "Properties": { - "Description": "RestApi deployment id: c2e9ae5463d31ad96611e5aab9b4ddd4fd7bde73", + "Description": "RestApi deployment id: 6688e0289c1446101169a6ba165a416cecf813b6", "RestApiId": { "Ref": "ApiGatewayAdminThree" }, @@ -143,7 +143,7 @@ "ApiGatewayAdminThreeProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminThreeDeploymentc2e9ae5463" + "Ref": "ApiGatewayAdminThreeDeployment6688e0289c" }, "MethodSettings": [ { @@ -200,10 +200,10 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminTwoDeployment2a68098964": { + "ApiGatewayAdminTwoDeploymente4496c9f53": { "Condition": "CreateProdResources", "Properties": { - "Description": "RestApi deployment id: 2a6809896451eb172efffcdcd18396e1a83df12a", + "Description": "RestApi deployment id: e4496c9f5342d32f9172f98949d461d993b1c008", "RestApiId": { "Ref": "ApiGatewayAdminTwo" }, @@ -215,7 +215,7 @@ "Condition": "CreateProdResources", "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminTwoDeployment2a68098964" + "Ref": "ApiGatewayAdminTwoDeploymente4496c9f53" }, "MethodSettings": [ { @@ -241,7 +241,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -253,7 +253,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -265,7 +265,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, diff --git a/tests/translator/output/aws-cn/websocket_api_domain_globals.json b/tests/translator/output/aws-cn/websocket_api_domain_globals.json index 277001cb58..f59a3a789b 100644 --- a/tests/translator/output/aws-cn/websocket_api_domain_globals.json +++ b/tests/translator/output/aws-cn/websocket_api_domain_globals.json @@ -197,7 +197,7 @@ "DomainName": "admin.two.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -212,7 +212,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-cn/websocket_api_with_custom_domain_route53_multiple.json b/tests/translator/output/aws-cn/websocket_api_with_custom_domain_route53_multiple.json index f271ca99bf..9c99358a21 100644 --- a/tests/translator/output/aws-cn/websocket_api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/aws-cn/websocket_api_with_custom_domain_route53_multiple.json @@ -293,7 +293,7 @@ "DomainName": "admin.two.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -308,7 +308,7 @@ "DomainName": "admin.three.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -323,7 +323,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-cn/websocket_api_with_propagate_tags.json b/tests/translator/output/aws-cn/websocket_api_with_propagate_tags.json index 050a80a359..3bef354bb0 100644 --- a/tests/translator/output/aws-cn/websocket_api_with_propagate_tags.json +++ b/tests/translator/output/aws-cn/websocket_api_with_propagate_tags.json @@ -5,7 +5,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-us-gov/api_with_basic_custom_domain.json b/tests/translator/output/aws-us-gov/api_with_basic_custom_domain.json index cb40f36988..490609acbd 100644 --- a/tests/translator/output/aws-us-gov/api_with_basic_custom_domain.json +++ b/tests/translator/output/aws-us-gov/api_with_basic_custom_domain.json @@ -1,7 +1,7 @@ { "Parameters": { "MyDomainCert": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Type": "String" }, "MyDomainName": { @@ -12,7 +12,7 @@ "Resources": { "ApiGatewayDomainName23cdccdf9c": { "Properties": { - "CertificateArn": "my-api-cert-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/my-api-cert", "DomainName": "api-example.com", "EndpointConfiguration": { "Types": [ @@ -35,7 +35,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "another-api-arn" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -89,9 +89,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "MyAnotherApiDeploymenteb8302ec1b": { + "MyAnotherApiDeployment970c3666dd": { "Properties": { - "Description": "RestApi deployment id: eb8302ec1bd45ce6bb547e74633c4bbb3e503d4a", + "Description": "RestApi deployment id: 970c3666dd0c6659658c1a24ba7796c88da827eb", "RestApiId": { "Ref": "MyAnotherApi" } @@ -101,7 +101,7 @@ "MyAnotherApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyAnotherApiDeploymenteb8302ec1b" + "Ref": "MyAnotherApiDeployment970c3666dd" }, "RestApiId": { "Ref": "MyAnotherApi" @@ -158,9 +158,9 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeploymentb34773e43a": { + "MyApiDeploymenta319612f7c": { "Properties": { - "Description": "RestApi deployment id: b34773e43ad9a98f27deed4374d3a49449abd947", + "Description": "RestApi deployment id: a319612f7c30132f2bafe1cb54e3c0c8c68f7357", "RestApiId": { "Ref": "MyApi" } @@ -170,7 +170,7 @@ "MyApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeploymentb34773e43a" + "Ref": "MyApiDeploymenta319612f7c" }, "RestApiId": { "Ref": "MyApi" @@ -395,9 +395,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ServerlessRestApiDeployment790a4e6aa6": { + "ServerlessRestApiDeploymentb01e805e49": { "Properties": { - "Description": "RestApi deployment id: 790a4e6aa6ad06f44702e52a66e5fec0cd96be99", + "Description": "RestApi deployment id: b01e805e4969455e2881aeaa374fedc9032b1c9a", "RestApiId": { "Ref": "ServerlessRestApi" }, @@ -408,7 +408,7 @@ "ServerlessRestApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment790a4e6aa6" + "Ref": "ServerlessRestApiDeploymentb01e805e49" }, "RestApiId": { "Ref": "ServerlessRestApi" diff --git a/tests/translator/output/aws-us-gov/api_with_basic_custom_domain_intrinsics.json b/tests/translator/output/aws-us-gov/api_with_basic_custom_domain_intrinsics.json index 142c16774d..2b6038fa17 100644 --- a/tests/translator/output/aws-us-gov/api_with_basic_custom_domain_intrinsics.json +++ b/tests/translator/output/aws-us-gov/api_with_basic_custom_domain_intrinsics.json @@ -13,7 +13,7 @@ "Type": "String" }, "MyDomainCert": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Type": "String" }, "MyMTLSUri": { @@ -41,7 +41,7 @@ "TruststoreUri": "another-api-truststore-uri", "TruststoreVersion": "another-api-truststore-version" }, - "RegionalCertificateArn": "another-api-arn", + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "SecurityPolicy": "TLS_1_2" }, "Type": "AWS::ApiGateway::DomainName" @@ -107,10 +107,10 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeployment32e59613e2": { + "MyApiDeployment188c4b85ac": { "Condition": "C1", "Properties": { - "Description": "RestApi deployment id: 32e59613e2e02a1f1d264849167ea359f10342f0", + "Description": "RestApi deployment id: 188c4b85ac2dfb05b384d72c2a08e7c367fee50a", "RestApiId": { "Ref": "MyApi" } @@ -121,7 +121,7 @@ "Condition": "C1", "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment32e59613e2" + "Ref": "MyApiDeployment188c4b85ac" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/aws-us-gov/api_with_basic_custom_domain_intrinsics_http.json b/tests/translator/output/aws-us-gov/api_with_basic_custom_domain_intrinsics_http.json index 50100de2ba..52f20e098f 100644 --- a/tests/translator/output/aws-us-gov/api_with_basic_custom_domain_intrinsics_http.json +++ b/tests/translator/output/aws-us-gov/api_with_basic_custom_domain_intrinsics_http.json @@ -13,7 +13,7 @@ "Type": "String" }, "MyDomainCert": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Type": "String" }, "MyMTLSUriHTTP": { @@ -34,7 +34,7 @@ }, "DomainNameConfigurations": [ { - "CertificateArn": "another-api-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "EndpointType": "REGIONAL", "SecurityPolicy": "TLS_1_2" } diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53.json b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53.json index 6e16f44e90..cca18717fb 100644 --- a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53.json +++ b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -12,7 +12,7 @@ "Resources": { "ApiGatewayDomainName0caaf24ab1": { "Properties": { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "DomainName": "example.com", "EndpointConfiguration": { "Types": [ @@ -58,9 +58,9 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeployment1deeaff693": { + "MyApiDeployment1e82db2ccf": { "Properties": { - "Description": "RestApi deployment id: 1deeaff6933b892391de7a35e4cf92e79a47aea9", + "Description": "RestApi deployment id: 1e82db2ccf426c056a3e51fbe83470a63946f7df", "RestApiId": { "Ref": "MyApi" } @@ -70,7 +70,7 @@ "MyApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment1deeaff693" + "Ref": "MyApiDeployment1e82db2ccf" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_hosted_zone_name.json b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_hosted_zone_name.json index b5ed499103..851f96eb9d 100644 --- a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_hosted_zone_name.json +++ b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_hosted_zone_name.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -12,7 +12,7 @@ "Resources": { "ApiGatewayDomainName0caaf24ab1": { "Properties": { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "DomainName": "example.com", "EndpointConfiguration": { "Types": [ @@ -58,9 +58,9 @@ }, "Type": "AWS::ApiGateway::RestApi" }, - "MyApiDeployment501f2306c4": { + "MyApiDeployment2f3d4ee739": { "Properties": { - "Description": "RestApi deployment id: 501f2306c4860ed198c3020aa43d453cdbdd6b7a", + "Description": "RestApi deployment id: 2f3d4ee7390466aa17a88f05c9e6ab1fa6caae06", "RestApiId": { "Ref": "MyApi" } @@ -70,7 +70,7 @@ "MyApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment501f2306c4" + "Ref": "MyApiDeployment2f3d4ee739" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_hosted_zone_name_http.json b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_hosted_zone_name_http.json index 2e47f2e153..926f402097 100644 --- a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_hosted_zone_name_http.json +++ b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_hosted_zone_name_http.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -15,7 +15,7 @@ "DomainName": "example.com", "DomainNameConfigurations": [ { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_http.json b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_http.json index 412f0587a1..a3e26cd595 100644 --- a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_http.json +++ b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_http.json @@ -1,7 +1,7 @@ { "Parameters": { "ACMCertificateArn": { - "Default": "cert-arn-in-us-east-1", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "Type": "String" }, "DomainName": { @@ -15,7 +15,7 @@ "DomainName": "example.com", "DomainNameConfigurations": [ { - "CertificateArn": "cert-arn-in-us-east-1", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc123", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_multiple.json b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_multiple.json index 5e64d4738f..18bafd7539 100644 --- a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_multiple.json @@ -40,9 +40,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminOneDeploymentdd3f545183": { + "ApiGatewayAdminOneDeployment5f4fcb9347": { "Properties": { - "Description": "RestApi deployment id: dd3f545183668c401e771fd9a377cfeadcf88a35", + "Description": "RestApi deployment id: 5f4fcb9347315a0decaa8f0140aae89cde47f8d1", "RestApiId": { "Ref": "ApiGatewayAdminOne" }, @@ -53,7 +53,7 @@ "ApiGatewayAdminOneProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminOneDeploymentdd3f545183" + "Ref": "ApiGatewayAdminOneDeployment5f4fcb9347" }, "MethodSettings": [ { @@ -108,9 +108,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminThreeDeployment7541e97159": { + "ApiGatewayAdminThreeDeployment30e2eaa7d5": { "Properties": { - "Description": "RestApi deployment id: 7541e971598cffe7cafab030d3fccc687d508f59", + "Description": "RestApi deployment id: 30e2eaa7d590e7a85c5ce8b5eb5926ffa28afc90", "RestApiId": { "Ref": "ApiGatewayAdminThree" }, @@ -121,7 +121,7 @@ "ApiGatewayAdminThreeProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminThreeDeployment7541e97159" + "Ref": "ApiGatewayAdminThreeDeployment30e2eaa7d5" }, "MethodSettings": [ { @@ -176,9 +176,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminTwoDeployment61887a4eed": { + "ApiGatewayAdminTwoDeployment43c6a2ef1d": { "Properties": { - "Description": "RestApi deployment id: 61887a4eed03102402cbaa575b5b1e398b0dc647", + "Description": "RestApi deployment id: 43c6a2ef1d8b1c11ef2beb3f5a006b57a33d8b05", "RestApiId": { "Ref": "ApiGatewayAdminTwo" }, @@ -189,7 +189,7 @@ "ApiGatewayAdminTwoProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminTwoDeployment61887a4eed" + "Ref": "ApiGatewayAdminTwoDeployment43c6a2ef1d" }, "MethodSettings": [ { @@ -214,7 +214,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -226,7 +226,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -238,7 +238,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json index 087c720574..e2737cc655 100644 --- a/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json +++ b/tests/translator/output/aws-us-gov/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json @@ -45,9 +45,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminOneDeployment066bb1ceae": { + "ApiGatewayAdminOneDeployment90f9e9bb3f": { "Properties": { - "Description": "RestApi deployment id: 066bb1ceaebd0cafae99258bbe7130af8b676372", + "Description": "RestApi deployment id: 90f9e9bb3ff69b4b71008da58841c770681ed84c", "RestApiId": { "Ref": "ApiGatewayAdminOne" }, @@ -58,7 +58,7 @@ "ApiGatewayAdminOneProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminOneDeployment066bb1ceae" + "Ref": "ApiGatewayAdminOneDeployment90f9e9bb3f" }, "MethodSettings": [ { @@ -113,9 +113,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminThreeDeployment169349c1e9": { + "ApiGatewayAdminThreeDeployment127733f946": { "Properties": { - "Description": "RestApi deployment id: 169349c1e96a0f130ee35f7bb9d83b042c386d6f", + "Description": "RestApi deployment id: 127733f94631341b13b3d91531d39f307d0b4700", "RestApiId": { "Ref": "ApiGatewayAdminThree" }, @@ -126,7 +126,7 @@ "ApiGatewayAdminThreeProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminThreeDeployment169349c1e9" + "Ref": "ApiGatewayAdminThreeDeployment127733f946" }, "MethodSettings": [ { @@ -181,9 +181,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminTwoDeploymentca2a75b5dd": { + "ApiGatewayAdminTwoDeployment19f5544fe4": { "Properties": { - "Description": "RestApi deployment id: ca2a75b5dd3713c71543e80f2b6f5aac9538ea9c", + "Description": "RestApi deployment id: 19f5544fe49037ecad607e6d0a584c3a252b6367", "RestApiId": { "Ref": "ApiGatewayAdminTwo" }, @@ -194,7 +194,7 @@ "ApiGatewayAdminTwoProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminTwoDeploymentca2a75b5dd" + "Ref": "ApiGatewayAdminTwoDeployment19f5544fe4" }, "MethodSettings": [ { @@ -219,7 +219,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -231,7 +231,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -243,7 +243,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domain_security_policy_edge.json b/tests/translator/output/aws-us-gov/api_with_custom_domain_security_policy_edge.json new file mode 100644 index 0000000000..67b32d5b9b --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_with_custom_domain_security_policy_edge.json @@ -0,0 +1,142 @@ +{ + "Metadata": { + "SamTransformTest": true + }, + "Parameters": { + "HostedZoneId": { + "Type": "String" + }, + "MyCertificateArn": { + "Type": "String" + }, + "MyDomainName": { + "Type": "String" + } + }, + "Resources": { + "Api": { + "Properties": { + "Body": { + "info": { + "title": "MockApi", + "version": "1.0" + }, + "paths": { + "/get": { + "get": { + "responses": { + "200": { + "description": "200 response" + } + }, + "x-amazon-apigateway-integration": { + "requestTemplates": { + "application/json": "{\"statusCode\": 200}" + }, + "responses": { + "default": { + "responseTemplates": { + "application/json": "{\"message\": \"Hello World\"}" + }, + "statusCode": "200" + } + }, + "type": "mock" + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "EDGE" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "EDGE" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiBasePathMapping": { + "Properties": { + "DomainName": { + "Ref": "ApiGatewayDomainNamee12ae193a4" + }, + "RestApiId": { + "Ref": "Api" + }, + "Stage": { + "Ref": "ApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMapping" + }, + "ApiDeploymentb4212ace49": { + "Properties": { + "Description": "RestApi deployment id: b4212ace4953ed4f1debfa33eda1b29707d537e1", + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayDomainNamee12ae193a4": { + "Properties": { + "CertificateArn": { + "Ref": "MyCertificateArn" + }, + "DomainName": { + "Ref": "MyDomainName" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "EDGE" + ] + }, + "SecurityPolicy": "SecurityPolicy_TLS13_2025_EDGE" + }, + "Type": "AWS::ApiGateway::DomainName" + }, + "ApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiDeploymentb4212ace49" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "RecordSetGroup1194dea82a": { + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneId" + }, + "RecordSets": [ + { + "AliasTarget": { + "DNSName": { + "Fn::GetAtt": [ + "ApiGatewayDomainNamee12ae193a4", + "DistributionDomainName" + ] + }, + "HostedZoneId": "Z2FDTNDATAQYW2" + }, + "Name": { + "Ref": "MyDomainName" + }, + "Type": "A" + } + ] + }, + "Type": "AWS::Route53::RecordSetGroup" + } + } +} diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domain_security_policy_private.json b/tests/translator/output/aws-us-gov/api_with_custom_domain_security_policy_private.json new file mode 100644 index 0000000000..163ca73df2 --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_with_custom_domain_security_policy_private.json @@ -0,0 +1,205 @@ +{ + "Metadata": { + "SamTransformTest": true + }, + "Parameters": { + "HostedZoneId": { + "Type": "String" + }, + "MyCertificateArn": { + "Type": "String" + }, + "MyDomainName": { + "Type": "String" + }, + "VpcEndpointDomainName": { + "Type": "String" + }, + "VpcEndpointHostedZoneId": { + "Type": "String" + }, + "VpcEndpointId": { + "Type": "String" + } + }, + "Resources": { + "Api": { + "Properties": { + "Body": { + "info": { + "title": "MockApi", + "version": "1.0" + }, + "paths": { + "/get": { + "get": { + "responses": { + "200": { + "description": "200 response" + } + }, + "x-amazon-apigateway-integration": { + "requestTemplates": { + "application/json": "{\"statusCode\": 200}" + }, + "responses": { + "default": { + "responseTemplates": { + "application/json": "{\"message\": \"Hello World\"}" + }, + "statusCode": "200" + } + }, + "type": "mock" + } + } + } + }, + "swagger": "2.0", + "x-amazon-apigateway-policy": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Condition": { + "StringEquals": { + "aws:SourceVpce": { + "Ref": "VpcEndpointId" + } + } + }, + "Effect": "Allow", + "Principal": "*", + "Resource": [ + "execute-api:/*/*/*" + ] + } + ], + "Version": "2012-10-17" + } + }, + "EndpointConfiguration": { + "Types": [ + "PRIVATE" + ], + "VpcEndpointIds": [ + { + "Ref": "VpcEndpointId" + } + ] + }, + "Parameters": { + "endpointConfigurationTypes": "PRIVATE" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiBasePathMapping": { + "Properties": { + "DomainNameArn": { + "Ref": "ApiGatewayDomainNameV2e12ae193a4" + }, + "RestApiId": { + "Ref": "Api" + }, + "Stage": { + "Ref": "ApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMappingV2" + }, + "ApiDeployment201b5a52ed": { + "Properties": { + "Description": "RestApi deployment id: 201b5a52ed6f40089c7e4d46db54f63bdd4dd157", + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayDomainNameV2e12ae193a4": { + "Properties": { + "CertificateArn": { + "Ref": "MyCertificateArn" + }, + "DomainName": { + "Ref": "MyDomainName" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "PRIVATE" + ] + }, + "Policy": { + "Statement": [ + { + "Action": "execute-api:Invoke", + "Condition": { + "StringEquals": { + "aws:SourceVpce": { + "Ref": "VpcEndpointId" + } + } + }, + "Effect": "Allow", + "Principal": "*", + "Resource": "execute-api:/*/*/*" + } + ], + "Version": "2012-10-17" + }, + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::DomainNameV2" + }, + "ApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiDeployment201b5a52ed" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "DomainNameAccessAssociationf4f910dee7": { + "Properties": { + "AccessAssociationSource": { + "Ref": "VpcEndpointId" + }, + "AccessAssociationSourceType": "VPCE", + "DomainNameArn": { + "Ref": "ApiGatewayDomainNameV2e12ae193a4" + } + }, + "Type": "AWS::ApiGateway::DomainNameAccessAssociation" + }, + "RecordSetGroup1194dea82a": { + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneId" + }, + "RecordSets": [ + { + "AliasTarget": { + "DNSName": { + "Ref": "VpcEndpointDomainName" + }, + "HostedZoneId": { + "Ref": "VpcEndpointHostedZoneId" + } + }, + "Name": { + "Ref": "MyDomainName" + }, + "Type": "A" + } + ] + }, + "Type": "AWS::Route53::RecordSetGroup" + } + } +} diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domain_security_policy_regional.json b/tests/translator/output/aws-us-gov/api_with_custom_domain_security_policy_regional.json new file mode 100644 index 0000000000..ca47621511 --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_with_custom_domain_security_policy_regional.json @@ -0,0 +1,147 @@ +{ + "Metadata": { + "SamTransformTest": true + }, + "Parameters": { + "HostedZoneId": { + "Type": "String" + }, + "MyCertificateArn": { + "Type": "String" + }, + "MyDomainName": { + "Type": "String" + } + }, + "Resources": { + "Api": { + "Properties": { + "Body": { + "info": { + "title": "MockApi", + "version": "1.0" + }, + "paths": { + "/get": { + "get": { + "responses": { + "200": { + "description": "200 response" + } + }, + "x-amazon-apigateway-integration": { + "requestTemplates": { + "application/json": "{\"statusCode\": 200}" + }, + "responses": { + "default": { + "responseTemplates": { + "application/json": "{\"message\": \"Hello World\"}" + }, + "statusCode": "200" + } + }, + "type": "mock" + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiBasePathMapping": { + "Properties": { + "DomainName": { + "Ref": "ApiGatewayDomainNamee12ae193a4" + }, + "RestApiId": { + "Ref": "Api" + }, + "Stage": { + "Ref": "ApiProdStage" + } + }, + "Type": "AWS::ApiGateway::BasePathMapping" + }, + "ApiDeployment84a6e2abbb": { + "Properties": { + "Description": "RestApi deployment id: 84a6e2abbbe8b085641de8b944a7dd72a4d01764", + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayDomainNamee12ae193a4": { + "Properties": { + "DomainName": { + "Ref": "MyDomainName" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "RegionalCertificateArn": { + "Ref": "MyCertificateArn" + }, + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::DomainName" + }, + "ApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiDeployment84a6e2abbb" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "RecordSetGroup1194dea82a": { + "Properties": { + "HostedZoneId": { + "Ref": "HostedZoneId" + }, + "RecordSets": [ + { + "AliasTarget": { + "DNSName": { + "Fn::GetAtt": [ + "ApiGatewayDomainNamee12ae193a4", + "RegionalDomainName" + ] + }, + "HostedZoneId": { + "Fn::GetAtt": [ + "ApiGatewayDomainNamee12ae193a4", + "RegionalHostedZoneId" + ] + } + }, + "Name": { + "Ref": "MyDomainName" + }, + "Type": "A" + } + ] + }, + "Type": "AWS::Route53::RecordSetGroup" + } + } +} diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domains_private.json b/tests/translator/output/aws-us-gov/api_with_custom_domains_private.json index 9aab6c8b98..a614f75a18 100644 --- a/tests/translator/output/aws-us-gov/api_with_custom_domains_private.json +++ b/tests/translator/output/aws-us-gov/api_with_custom_domains_private.json @@ -15,7 +15,7 @@ }, "Parameters": { "CertificateArn": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Description": "ARN of the ACM certificate for the domain", "Type": "String" }, @@ -33,7 +33,7 @@ "Resources": { "ApiGatewayDomainNameV27c603ed871": { "Properties": { - "CertificateArn": "another-api-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "DomainName": "private.example.com", "EndpointConfiguration": { "Types": [ @@ -124,9 +124,9 @@ }, "Type": "AWS::ApiGateway::BasePathMappingV2" }, - "MyApiDeployment7c3b13a843": { + "MyApiDeployment3c30770aa3": { "Properties": { - "Description": "RestApi deployment id: 7c3b13a843cdd653d1310c6fd7881e8fe8e49da8", + "Description": "RestApi deployment id: 3c30770aa391b69cb92f7b4a5d5969d6f92ee5b4", "RestApiId": { "Ref": "MyApi" }, @@ -137,7 +137,7 @@ "MyApiprodStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeployment7c3b13a843" + "Ref": "MyApiDeployment3c30770aa3" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/aws-us-gov/api_with_custom_domains_private_basePath.json b/tests/translator/output/aws-us-gov/api_with_custom_domains_private_basePath.json index befafd072e..89e9daef7d 100644 --- a/tests/translator/output/aws-us-gov/api_with_custom_domains_private_basePath.json +++ b/tests/translator/output/aws-us-gov/api_with_custom_domains_private_basePath.json @@ -15,7 +15,7 @@ }, "Parameters": { "CertificateArn": { - "Default": "another-api-arn", + "Default": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "Description": "ARN of the ACM certificate for the domain", "Type": "String" }, @@ -33,7 +33,7 @@ "Resources": { "ApiGatewayDomainNameV27c603ed871": { "Properties": { - "CertificateArn": "another-api-arn", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/another-api-cert", "DomainName": "private.example.com", "EndpointConfiguration": { "Types": [ @@ -125,9 +125,9 @@ }, "Type": "AWS::ApiGateway::BasePathMappingV2" }, - "MyApiDeploymente37f6c9943": { + "MyApiDeployment09c01d5525": { "Properties": { - "Description": "RestApi deployment id: e37f6c9943b5e1213efecf302864c9e775fcf695", + "Description": "RestApi deployment id: 09c01d5525be5534dba547e7bc84bad514d39efa", "RestApiId": { "Ref": "MyApi" }, @@ -153,7 +153,7 @@ "MyApiprodStage": { "Properties": { "DeploymentId": { - "Ref": "MyApiDeploymente37f6c9943" + "Ref": "MyApiDeployment09c01d5525" }, "RestApiId": { "Ref": "MyApi" diff --git a/tests/translator/output/aws-us-gov/api_with_endpoint_access_mode.json b/tests/translator/output/aws-us-gov/api_with_endpoint_access_mode.json new file mode 100644 index 0000000000..f0c892e72a --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_with_endpoint_access_mode.json @@ -0,0 +1,98 @@ +{ + "Resources": { + "ApiInheritGlobals": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": {}, + "swagger": "2.0" + }, + "EndpointAccessMode": "BASIC", + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiInheritGlobalsDeployment5332c373d4": { + "Properties": { + "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", + "RestApiId": { + "Ref": "ApiInheritGlobals" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiInheritGlobalsProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiInheritGlobalsDeployment5332c373d4" + }, + "RestApiId": { + "Ref": "ApiInheritGlobals" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + }, + "ApiTopLevelOverride": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": {}, + "swagger": "2.0" + }, + "EndpointAccessMode": "STRICT", + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "SecurityPolicy": "SecurityPolicy_TLS13_1_3_2025_09" + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiTopLevelOverrideDeployment5332c373d4": { + "Properties": { + "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", + "RestApiId": { + "Ref": "ApiTopLevelOverride" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiTopLevelOverrideProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiTopLevelOverrideDeployment5332c373d4" + }, + "RestApiId": { + "Ref": "ApiTopLevelOverride" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + } + } +} diff --git a/tests/translator/output/aws-us-gov/capacity_provider_global_with_functions.json b/tests/translator/output/aws-us-gov/capacity_provider_global_with_functions.json index f83fbe01c5..12f0593931 100644 --- a/tests/translator/output/aws-us-gov/capacity_provider_global_with_functions.json +++ b/tests/translator/output/aws-us-gov/capacity_provider_global_with_functions.json @@ -224,7 +224,7 @@ "t2.small" ] }, - "KmsKeyArn": "some-kms-arn", + "KmsKeyArn": "arn:aws:kms:us-east-1:123456789012:key/some-kms-key", "PermissionsConfig": { "CapacityProviderOperatorRoleArn": { "Fn::GetAtt": [ diff --git a/tests/translator/output/aws-us-gov/function_with_alias_and_all_properties_property.json b/tests/translator/output/aws-us-gov/function_with_alias_and_all_properties_property.json index 4f3db3c19f..82d8d2b261 100644 --- a/tests/translator/output/aws-us-gov/function_with_alias_and_all_properties_property.json +++ b/tests/translator/output/aws-us-gov/function_with_alias_and_all_properties_property.json @@ -36,7 +36,7 @@ ], "Handler": "hello.handler", "KmsKeyArn": { - "Fn::Sub": "arn:${AWS::Partition}:key:key" + "Fn::Sub": "arn:${AWS::Partition}:kms:us-east-1:123456789012:key/my-key" }, "Layers": [ { @@ -74,7 +74,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "HashChangeFunctionVersiona1a9d4d1e4", + "HashChangeFunctionVersioncfc41a568e", "Version" ] }, @@ -82,7 +82,7 @@ }, "Type": "AWS::Lambda::Alias" }, - "HashChangeFunctionVersiona1a9d4d1e4": { + "HashChangeFunctionVersioncfc41a568e": { "DeletionPolicy": "Retain", "Properties": { "Description": "sam-testing", @@ -117,7 +117,7 @@ ], "Handler": "hello.handler", "KmsKeyArn": { - "Fn::Sub": "arn:${AWS::Partition}:key:key" + "Fn::Sub": "arn:${AWS::Partition}:kms:us-east-1:123456789012:key/my-key" }, "Layers": [ { diff --git a/tests/translator/output/aws-us-gov/function_with_kmskeyarn.json b/tests/translator/output/aws-us-gov/function_with_kmskeyarn.json index bbdee308a1..8998d91c86 100644 --- a/tests/translator/output/aws-us-gov/function_with_kmskeyarn.json +++ b/tests/translator/output/aws-us-gov/function_with_kmskeyarn.json @@ -7,7 +7,7 @@ "S3Key": "hello.zip" }, "Handler": "hello.handler", - "KmsKeyArn": "thisIsaKey", + "KmsKeyArn": "arn:aws:kms:us-east-1:123456789012:key/this-is-a-key", "Role": { "Fn::GetAtt": [ "FunctionWithKeyArnRole", @@ -62,7 +62,10 @@ }, "Handler": "hello.handler", "KmsKeyArn": { - "Ref": "myKey" + "Fn::GetAtt": [ + "myKey", + "Arn" + ] }, "Role": { "Fn::GetAtt": [ diff --git a/tests/translator/output/aws-us-gov/graphqlapi_ddb_datasource_all_properties.json b/tests/translator/output/aws-us-gov/graphqlapi_ddb_datasource_all_properties.json index bc0d10ac94..7b2f73d75a 100644 --- a/tests/translator/output/aws-us-gov/graphqlapi_ddb_datasource_all_properties.json +++ b/tests/translator/output/aws-us-gov/graphqlapi_ddb_datasource_all_properties.json @@ -78,7 +78,7 @@ "Versioned": true }, "Name": "AwesomeDataSourceName", - "ServiceRoleArn": "some-arn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/some-role", "Type": "AMAZON_DYNAMODB" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/aws-us-gov/graphqlapi_function_datasource_property.json b/tests/translator/output/aws-us-gov/graphqlapi_function_datasource_property.json index e5ded1b2c0..1ba3832c38 100644 --- a/tests/translator/output/aws-us-gov/graphqlapi_function_datasource_property.json +++ b/tests/translator/output/aws-us-gov/graphqlapi_function_datasource_property.json @@ -85,7 +85,7 @@ "TableName": "SomeTable" }, "Name": "InternalDataSource", - "ServiceRoleArn": "SomeRoleArn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/SomeRole", "Type": "AMAZON_DYNAMODB" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/aws-us-gov/graphqlapi_intrinsical_names.json b/tests/translator/output/aws-us-gov/graphqlapi_intrinsical_names.json index ce9b4f125f..a890157add 100644 --- a/tests/translator/output/aws-us-gov/graphqlapi_intrinsical_names.json +++ b/tests/translator/output/aws-us-gov/graphqlapi_intrinsical_names.json @@ -259,7 +259,7 @@ "Name": { "Ref": "LambdaDSName" }, - "ServiceRoleArn": "some-role-arn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/some-role", "Type": "AWS_LAMBDA" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/aws-us-gov/graphqlapi_lambda_and_ddb_datasource.json b/tests/translator/output/aws-us-gov/graphqlapi_lambda_and_ddb_datasource.json index 0ba7d5503d..ac552f9166 100644 --- a/tests/translator/output/aws-us-gov/graphqlapi_lambda_and_ddb_datasource.json +++ b/tests/translator/output/aws-us-gov/graphqlapi_lambda_and_ddb_datasource.json @@ -72,7 +72,7 @@ "TableName": "some-table" }, "Name": "MyDataSource", - "ServiceRoleArn": "my-ddb-role", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/my-ddb-role", "Type": "AMAZON_DYNAMODB" }, "Type": "AWS::AppSync::DataSource" @@ -89,7 +89,7 @@ "LambdaFunctionArn": "blah" }, "Name": "MyDataSource", - "ServiceRoleArn": "my-lambda-role", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/my-lambda-role", "Type": "AWS_LAMBDA" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/aws-us-gov/graphqlapi_logging_defined.json b/tests/translator/output/aws-us-gov/graphqlapi_logging_defined.json index b1457a95b3..5e3cdb0f4a 100644 --- a/tests/translator/output/aws-us-gov/graphqlapi_logging_defined.json +++ b/tests/translator/output/aws-us-gov/graphqlapi_logging_defined.json @@ -4,7 +4,7 @@ "Properties": { "AuthenticationType": "AWS_IAM", "LogConfig": { - "CloudWatchLogsRoleArn": "some-arn", + "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/some-role", "ExcludeVerboseContent": true, "FieldLogLevel": "ERROR" }, diff --git a/tests/translator/output/aws-us-gov/graphqlapi_resolver_function_with_lambda_datasource.json b/tests/translator/output/aws-us-gov/graphqlapi_resolver_function_with_lambda_datasource.json index c6021bf371..d9750db0da 100644 --- a/tests/translator/output/aws-us-gov/graphqlapi_resolver_function_with_lambda_datasource.json +++ b/tests/translator/output/aws-us-gov/graphqlapi_resolver_function_with_lambda_datasource.json @@ -150,7 +150,7 @@ "LambdaFunctionArn": "my-lambda-arn" }, "Name": "PradsLambdaDataSource", - "ServiceRoleArn": "some-role-arn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/some-role", "Type": "AWS_LAMBDA" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/aws-us-gov/http_api_with_custom_domain_route53_multiple.json b/tests/translator/output/aws-us-gov/http_api_with_custom_domain_route53_multiple.json index 4027452a35..cf13665905 100644 --- a/tests/translator/output/aws-us-gov/http_api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/aws-us-gov/http_api_with_custom_domain_route53_multiple.json @@ -5,7 +5,7 @@ "DomainName": "admin.two.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -20,7 +20,7 @@ "DomainName": "admin.three.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -35,7 +35,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-us-gov/httpapi_with_propagate_tags.json b/tests/translator/output/aws-us-gov/httpapi_with_propagate_tags.json index 750e4c43e3..177ae4c947 100644 --- a/tests/translator/output/aws-us-gov/httpapi_with_propagate_tags.json +++ b/tests/translator/output/aws-us-gov/httpapi_with_propagate_tags.json @@ -5,7 +5,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-us-gov/mixed_api_with_custom_domain_route53_multiple.json b/tests/translator/output/aws-us-gov/mixed_api_with_custom_domain_route53_multiple.json index d9a5bb35ac..dcab2ea673 100644 --- a/tests/translator/output/aws-us-gov/mixed_api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/aws-us-gov/mixed_api_with_custom_domain_route53_multiple.json @@ -10,7 +10,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -19,7 +19,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -115,9 +115,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "MyRestApiDeployment61887a4eed": { + "MyRestApiDeployment43c6a2ef1d": { "Properties": { - "Description": "RestApi deployment id: 61887a4eed03102402cbaa575b5b1e398b0dc647", + "Description": "RestApi deployment id: 43c6a2ef1d8b1c11ef2beb3f5a006b57a33d8b05", "RestApiId": { "Ref": "MyRestApi" }, @@ -128,7 +128,7 @@ "MyRestApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyRestApiDeployment61887a4eed" + "Ref": "MyRestApiDeployment43c6a2ef1d" }, "MethodSettings": [ { diff --git a/tests/translator/output/aws-us-gov/separate_route53_recordset_group.json b/tests/translator/output/aws-us-gov/separate_route53_recordset_group.json index 5575d8d714..dc0b636120 100644 --- a/tests/translator/output/aws-us-gov/separate_route53_recordset_group.json +++ b/tests/translator/output/aws-us-gov/separate_route53_recordset_group.json @@ -62,9 +62,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminOneDeploymentdd3f545183": { + "ApiGatewayAdminOneDeployment5f4fcb9347": { "Properties": { - "Description": "RestApi deployment id: dd3f545183668c401e771fd9a377cfeadcf88a35", + "Description": "RestApi deployment id: 5f4fcb9347315a0decaa8f0140aae89cde47f8d1", "RestApiId": { "Ref": "ApiGatewayAdminOne" }, @@ -75,7 +75,7 @@ "ApiGatewayAdminOneProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminOneDeploymentdd3f545183" + "Ref": "ApiGatewayAdminOneDeployment5f4fcb9347" }, "MethodSettings": [ { @@ -130,9 +130,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminThreeDeploymentc2e9ae5463": { + "ApiGatewayAdminThreeDeployment6688e0289c": { "Properties": { - "Description": "RestApi deployment id: c2e9ae5463d31ad96611e5aab9b4ddd4fd7bde73", + "Description": "RestApi deployment id: 6688e0289c1446101169a6ba165a416cecf813b6", "RestApiId": { "Ref": "ApiGatewayAdminThree" }, @@ -143,7 +143,7 @@ "ApiGatewayAdminThreeProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminThreeDeploymentc2e9ae5463" + "Ref": "ApiGatewayAdminThreeDeployment6688e0289c" }, "MethodSettings": [ { @@ -200,10 +200,10 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminTwoDeployment2a68098964": { + "ApiGatewayAdminTwoDeploymente4496c9f53": { "Condition": "CreateProdResources", "Properties": { - "Description": "RestApi deployment id: 2a6809896451eb172efffcdcd18396e1a83df12a", + "Description": "RestApi deployment id: e4496c9f5342d32f9172f98949d461d993b1c008", "RestApiId": { "Ref": "ApiGatewayAdminTwo" }, @@ -215,7 +215,7 @@ "Condition": "CreateProdResources", "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminTwoDeployment2a68098964" + "Ref": "ApiGatewayAdminTwoDeploymente4496c9f53" }, "MethodSettings": [ { @@ -241,7 +241,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -253,7 +253,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -265,7 +265,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, diff --git a/tests/translator/output/aws-us-gov/websocket_api_domain_globals.json b/tests/translator/output/aws-us-gov/websocket_api_domain_globals.json index 2febb5012e..383f945cf9 100644 --- a/tests/translator/output/aws-us-gov/websocket_api_domain_globals.json +++ b/tests/translator/output/aws-us-gov/websocket_api_domain_globals.json @@ -197,7 +197,7 @@ "DomainName": "admin.two.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -212,7 +212,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-us-gov/websocket_api_with_custom_domain_route53_multiple.json b/tests/translator/output/aws-us-gov/websocket_api_with_custom_domain_route53_multiple.json index 496a7a673c..6117c8e3c8 100644 --- a/tests/translator/output/aws-us-gov/websocket_api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/aws-us-gov/websocket_api_with_custom_domain_route53_multiple.json @@ -293,7 +293,7 @@ "DomainName": "admin.two.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -308,7 +308,7 @@ "DomainName": "admin.three.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -323,7 +323,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/aws-us-gov/websocket_api_with_propagate_tags.json b/tests/translator/output/aws-us-gov/websocket_api_with_propagate_tags.json index b1ffe6b574..5c67ed5cc1 100644 --- a/tests/translator/output/aws-us-gov/websocket_api_with_propagate_tags.json +++ b/tests/translator/output/aws-us-gov/websocket_api_with_propagate_tags.json @@ -5,7 +5,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/capacity_provider_global_with_functions.json b/tests/translator/output/capacity_provider_global_with_functions.json index b938bc1459..936e27ca98 100644 --- a/tests/translator/output/capacity_provider_global_with_functions.json +++ b/tests/translator/output/capacity_provider_global_with_functions.json @@ -224,7 +224,7 @@ "t2.small" ] }, - "KmsKeyArn": "some-kms-arn", + "KmsKeyArn": "arn:aws:kms:us-east-1:123456789012:key/some-kms-key", "PermissionsConfig": { "CapacityProviderOperatorRoleArn": { "Fn::GetAtt": [ diff --git a/tests/translator/output/error_function_codeuri_unresolved_token.json b/tests/translator/output/error_function_codeuri_unresolved_token.json new file mode 100644 index 0000000000..19a256ab2f --- /dev/null +++ b/tests/translator/output/error_function_codeuri_unresolved_token.json @@ -0,0 +1,14 @@ +{ + "_autoGeneratedBreakdownErrorMessage": [ + "Invalid Serverless Application Specification document. ", + "Number of errors found: 1. ", + "Resource with id [MyFunction] is invalid. ", + "'CodeUri' is not a valid S3 Uri of the form 's3://bucket/key' with optional versionId query parameter." + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFunction] is invalid. 'CodeUri' is not a valid S3 Uri of the form 's3://bucket/key' with optional versionId query parameter.", + "errors": [ + { + "errorMessage": "Resource with id [MyFunction] is invalid. 'CodeUri' is not a valid S3 Uri of the form 's3://bucket/key' with optional versionId query parameter." + } + ] +} diff --git a/tests/translator/output/error_function_event_destination_fn_if_malformed.json b/tests/translator/output/error_function_event_destination_fn_if_malformed.json new file mode 100644 index 0000000000..96051060ab --- /dev/null +++ b/tests/translator/output/error_function_event_destination_fn_if_malformed.json @@ -0,0 +1,14 @@ +{ + "_autoGeneratedBreakdownErrorMessage": [ + "Invalid Serverless Application Specification document. ", + "Number of errors found: 1. ", + "Resource with id [MyFunctionEventInvokeConfig] is invalid. ", + "Malformed 'Destination' property: Fn::If requires 3 arguments." + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFunctionEventInvokeConfig] is invalid. Malformed 'Destination' property: Fn::If requires 3 arguments.", + "errors": [ + { + "errorMessage": "Resource with id [MyFunctionEventInvokeConfig] is invalid. Malformed 'Destination' property: Fn::If requires 3 arguments." + } + ] +} diff --git a/tests/translator/output/error_function_role_fn_if_malformed.json b/tests/translator/output/error_function_role_fn_if_malformed.json new file mode 100644 index 0000000000..656c9865eb --- /dev/null +++ b/tests/translator/output/error_function_role_fn_if_malformed.json @@ -0,0 +1,14 @@ +{ + "_autoGeneratedBreakdownErrorMessage": [ + "Invalid Serverless Application Specification document. ", + "Number of errors found: 1. ", + "Resource with id [MyFunction] is invalid. ", + "Malformed 'Role' property: Fn::If requires 3 arguments." + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFunction] is invalid. Malformed 'Role' property: Fn::If requires 3 arguments.", + "errors": [ + { + "errorMessage": "Resource with id [MyFunction] is invalid. Malformed 'Role' property: Fn::If requires 3 arguments." + } + ] +} diff --git a/tests/translator/output/error_globals_api_with_stage_name.json b/tests/translator/output/error_globals_api_with_stage_name.json index 570d065c71..775a5a4830 100644 --- a/tests/translator/output/error_globals_api_with_stage_name.json +++ b/tests/translator/output/error_globals_api_with_stage_name.json @@ -4,7 +4,7 @@ "Number of errors found: 1. ", "'Globals' section is invalid. ", "'StageName' is not a supported property of 'Api'. ", - "Must be one of the following values - ['Auth', 'Name', 'DefinitionUri', 'CacheClusterEnabled', 'CacheClusterSize', 'MergeDefinitions', 'Variables', 'EndpointConfiguration', 'MethodSettings', 'BinaryMediaTypes', 'MinimumCompressionSize', 'Cors', 'GatewayResponses', 'AccessLogSetting', 'CanarySetting', 'TracingEnabled', 'OpenApiVersion', 'Domain', 'AlwaysDeploy', 'PropagateTags', 'SecurityPolicy']" + "Must be one of the following values - ['Auth', 'Name', 'DefinitionUri', 'CacheClusterEnabled', 'CacheClusterSize', 'MergeDefinitions', 'Variables', 'EndpointConfiguration', 'MethodSettings', 'BinaryMediaTypes', 'MinimumCompressionSize', 'Cors', 'GatewayResponses', 'AccessLogSetting', 'CanarySetting', 'TracingEnabled', 'OpenApiVersion', 'Domain', 'AlwaysDeploy', 'PropagateTags', 'SecurityPolicy', 'EndpointAccessMode']" ], - "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. 'Globals' section is invalid. 'StageName' is not a supported property of 'Api'. Must be one of the following values - ['Auth', 'Name', 'DefinitionUri', 'CacheClusterEnabled', 'CacheClusterSize', 'MergeDefinitions', 'Variables', 'EndpointConfiguration', 'MethodSettings', 'BinaryMediaTypes', 'MinimumCompressionSize', 'Cors', 'GatewayResponses', 'AccessLogSetting', 'CanarySetting', 'TracingEnabled', 'OpenApiVersion', 'Domain', 'AlwaysDeploy', 'PropagateTags', 'SecurityPolicy']" + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. 'Globals' section is invalid. 'StageName' is not a supported property of 'Api'. Must be one of the following values - ['Auth', 'Name', 'DefinitionUri', 'CacheClusterEnabled', 'CacheClusterSize', 'MergeDefinitions', 'Variables', 'EndpointConfiguration', 'MethodSettings', 'BinaryMediaTypes', 'MinimumCompressionSize', 'Cors', 'GatewayResponses', 'AccessLogSetting', 'CanarySetting', 'TracingEnabled', 'OpenApiVersion', 'Domain', 'AlwaysDeploy', 'PropagateTags', 'SecurityPolicy', 'EndpointAccessMode']" } diff --git a/tests/translator/output/error_globals_unsupported_type.json b/tests/translator/output/error_globals_unsupported_type.json index 31f2405042..7785908237 100644 --- a/tests/translator/output/error_globals_unsupported_type.json +++ b/tests/translator/output/error_globals_unsupported_type.json @@ -4,12 +4,12 @@ "Number of errors found: 1. ", "'Globals' section is invalid. ", "'NewType' is not supported. ", - "Must be one of the following values - ['Api', 'CapacityProvider', 'Function', 'HttpApi', 'LayerVersion', 'SimpleTable', 'StateMachine']" + "Must be one of the following values - ['Api', 'CapacityProvider', 'Function', 'HttpApi', 'LayerVersion', 'SimpleTable', 'StateMachine', 'WebSocketApi']" ], - "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. 'Globals' section is invalid. 'NewType' is not supported. Must be one of the following values - ['Api', 'CapacityProvider', 'Function', 'HttpApi', 'LayerVersion', 'SimpleTable', 'StateMachine']", + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. 'Globals' section is invalid. 'NewType' is not supported. Must be one of the following values - ['Api', 'CapacityProvider', 'Function', 'HttpApi', 'LayerVersion', 'SimpleTable', 'StateMachine', 'WebSocketApi']", "errors": [ { - "errorMessage": "'Globals' section is invalid. 'NewType' is not supported. Must be one of the following values - ['Api', 'CapacityProvider', 'Function', 'HttpApi', 'LayerVersion', 'SimpleTable', 'StateMachine']" + "errorMessage": "'Globals' section is invalid. 'NewType' is not supported. Must be one of the following values - ['Api', 'CapacityProvider', 'Function', 'HttpApi', 'LayerVersion', 'SimpleTable', 'StateMachine', 'WebSocketApi']" } ] } diff --git a/tests/translator/output/error_http_api_invalid_lambda_auth.json b/tests/translator/output/error_http_api_invalid_lambda_auth.json index d4069a8928..6e636d4459 100644 --- a/tests/translator/output/error_http_api_invalid_lambda_auth.json +++ b/tests/translator/output/error_http_api_invalid_lambda_auth.json @@ -9,7 +9,7 @@ "Resource with id [MyApi3] is invalid. ", "Property 'Authorizers.LambdaAuth.EnableFunctionDefaultPermissions' should be a boolean. ", "Resource with id [MyApi4] is invalid. ", - "EnableFunctionDefaultPermissions must be defined only for Lambda Authorizer." + "EnableFunctionDefaultPermissions is only supported for Lambda Authorizer." ], - "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 4. Resource with id [MyApi1] is invalid. LambdaAuth Lambda Authorizer must define 'AuthorizerPayloadFormatVersion'. Resource with id [MyApi2] is invalid. LambdaAuth Lambda Authorizer must define 'FunctionArn'. Resource with id [MyApi3] is invalid. Property 'Authorizers.LambdaAuth.EnableFunctionDefaultPermissions' should be a boolean. Resource with id [MyApi4] is invalid. EnableFunctionDefaultPermissions must be defined only for Lambda Authorizer." + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 4. Resource with id [MyApi1] is invalid. LambdaAuth Lambda Authorizer must define 'AuthorizerPayloadFormatVersion'. Resource with id [MyApi2] is invalid. LambdaAuth Lambda Authorizer must define 'FunctionArn'. Resource with id [MyApi3] is invalid. Property 'Authorizers.LambdaAuth.EnableFunctionDefaultPermissions' should be a boolean. Resource with id [MyApi4] is invalid. EnableFunctionDefaultPermissions is only supported for Lambda Authorizer." } diff --git a/tests/translator/output/function_with_alias_and_all_properties_property.json b/tests/translator/output/function_with_alias_and_all_properties_property.json index a932c89cd9..2478975037 100644 --- a/tests/translator/output/function_with_alias_and_all_properties_property.json +++ b/tests/translator/output/function_with_alias_and_all_properties_property.json @@ -36,7 +36,7 @@ ], "Handler": "hello.handler", "KmsKeyArn": { - "Fn::Sub": "arn:${AWS::Partition}:key:key" + "Fn::Sub": "arn:${AWS::Partition}:kms:us-east-1:123456789012:key/my-key" }, "Layers": [ { @@ -74,7 +74,7 @@ }, "FunctionVersion": { "Fn::GetAtt": [ - "HashChangeFunctionVersiona1a9d4d1e4", + "HashChangeFunctionVersioncfc41a568e", "Version" ] }, @@ -82,7 +82,7 @@ }, "Type": "AWS::Lambda::Alias" }, - "HashChangeFunctionVersiona1a9d4d1e4": { + "HashChangeFunctionVersioncfc41a568e": { "DeletionPolicy": "Retain", "Properties": { "Description": "sam-testing", @@ -117,7 +117,7 @@ ], "Handler": "hello.handler", "KmsKeyArn": { - "Fn::Sub": "arn:${AWS::Partition}:key:key" + "Fn::Sub": "arn:${AWS::Partition}:kms:us-east-1:123456789012:key/my-key" }, "Layers": [ { diff --git a/tests/translator/output/function_with_kmskeyarn.json b/tests/translator/output/function_with_kmskeyarn.json index 7daff35285..9a7a95696a 100644 --- a/tests/translator/output/function_with_kmskeyarn.json +++ b/tests/translator/output/function_with_kmskeyarn.json @@ -7,7 +7,7 @@ "S3Key": "hello.zip" }, "Handler": "hello.handler", - "KmsKeyArn": "thisIsaKey", + "KmsKeyArn": "arn:aws:kms:us-east-1:123456789012:key/this-is-a-key", "Role": { "Fn::GetAtt": [ "FunctionWithKeyArnRole", @@ -62,7 +62,10 @@ }, "Handler": "hello.handler", "KmsKeyArn": { - "Ref": "myKey" + "Fn::GetAtt": [ + "myKey", + "Arn" + ] }, "Role": { "Fn::GetAtt": [ diff --git a/tests/translator/output/graphqlapi_ddb_datasource_all_properties.json b/tests/translator/output/graphqlapi_ddb_datasource_all_properties.json index bc0d10ac94..7b2f73d75a 100644 --- a/tests/translator/output/graphqlapi_ddb_datasource_all_properties.json +++ b/tests/translator/output/graphqlapi_ddb_datasource_all_properties.json @@ -78,7 +78,7 @@ "Versioned": true }, "Name": "AwesomeDataSourceName", - "ServiceRoleArn": "some-arn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/some-role", "Type": "AMAZON_DYNAMODB" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/graphqlapi_function_datasource_property.json b/tests/translator/output/graphqlapi_function_datasource_property.json index e5ded1b2c0..1ba3832c38 100644 --- a/tests/translator/output/graphqlapi_function_datasource_property.json +++ b/tests/translator/output/graphqlapi_function_datasource_property.json @@ -85,7 +85,7 @@ "TableName": "SomeTable" }, "Name": "InternalDataSource", - "ServiceRoleArn": "SomeRoleArn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/SomeRole", "Type": "AMAZON_DYNAMODB" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/graphqlapi_intrinsical_names.json b/tests/translator/output/graphqlapi_intrinsical_names.json index ce9b4f125f..a890157add 100644 --- a/tests/translator/output/graphqlapi_intrinsical_names.json +++ b/tests/translator/output/graphqlapi_intrinsical_names.json @@ -259,7 +259,7 @@ "Name": { "Ref": "LambdaDSName" }, - "ServiceRoleArn": "some-role-arn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/some-role", "Type": "AWS_LAMBDA" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/graphqlapi_lambda_and_ddb_datasource.json b/tests/translator/output/graphqlapi_lambda_and_ddb_datasource.json index 0ba7d5503d..ac552f9166 100644 --- a/tests/translator/output/graphqlapi_lambda_and_ddb_datasource.json +++ b/tests/translator/output/graphqlapi_lambda_and_ddb_datasource.json @@ -72,7 +72,7 @@ "TableName": "some-table" }, "Name": "MyDataSource", - "ServiceRoleArn": "my-ddb-role", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/my-ddb-role", "Type": "AMAZON_DYNAMODB" }, "Type": "AWS::AppSync::DataSource" @@ -89,7 +89,7 @@ "LambdaFunctionArn": "blah" }, "Name": "MyDataSource", - "ServiceRoleArn": "my-lambda-role", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/my-lambda-role", "Type": "AWS_LAMBDA" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/graphqlapi_logging_defined.json b/tests/translator/output/graphqlapi_logging_defined.json index b1457a95b3..5e3cdb0f4a 100644 --- a/tests/translator/output/graphqlapi_logging_defined.json +++ b/tests/translator/output/graphqlapi_logging_defined.json @@ -4,7 +4,7 @@ "Properties": { "AuthenticationType": "AWS_IAM", "LogConfig": { - "CloudWatchLogsRoleArn": "some-arn", + "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/some-role", "ExcludeVerboseContent": true, "FieldLogLevel": "ERROR" }, diff --git a/tests/translator/output/graphqlapi_resolver_function_with_lambda_datasource.json b/tests/translator/output/graphqlapi_resolver_function_with_lambda_datasource.json index c6021bf371..d9750db0da 100644 --- a/tests/translator/output/graphqlapi_resolver_function_with_lambda_datasource.json +++ b/tests/translator/output/graphqlapi_resolver_function_with_lambda_datasource.json @@ -150,7 +150,7 @@ "LambdaFunctionArn": "my-lambda-arn" }, "Name": "PradsLambdaDataSource", - "ServiceRoleArn": "some-role-arn", + "ServiceRoleArn": "arn:aws:iam::123456789012:role/some-role", "Type": "AWS_LAMBDA" }, "Type": "AWS::AppSync::DataSource" diff --git a/tests/translator/output/http_api_with_custom_domain_route53_multiple.json b/tests/translator/output/http_api_with_custom_domain_route53_multiple.json index 4027452a35..cf13665905 100644 --- a/tests/translator/output/http_api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/http_api_with_custom_domain_route53_multiple.json @@ -5,7 +5,7 @@ "DomainName": "admin.two.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -20,7 +20,7 @@ "DomainName": "admin.three.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -35,7 +35,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/httpapi_with_propagate_tags.json b/tests/translator/output/httpapi_with_propagate_tags.json index 750e4c43e3..177ae4c947 100644 --- a/tests/translator/output/httpapi_with_propagate_tags.json +++ b/tests/translator/output/httpapi_with_propagate_tags.json @@ -5,7 +5,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/mixed_api_with_custom_domain_route53_multiple.json b/tests/translator/output/mixed_api_with_custom_domain_route53_multiple.json index d9a5bb35ac..dcab2ea673 100644 --- a/tests/translator/output/mixed_api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/mixed_api_with_custom_domain_route53_multiple.json @@ -10,7 +10,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -19,7 +19,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -115,9 +115,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "MyRestApiDeployment61887a4eed": { + "MyRestApiDeployment43c6a2ef1d": { "Properties": { - "Description": "RestApi deployment id: 61887a4eed03102402cbaa575b5b1e398b0dc647", + "Description": "RestApi deployment id: 43c6a2ef1d8b1c11ef2beb3f5a006b57a33d8b05", "RestApiId": { "Ref": "MyRestApi" }, @@ -128,7 +128,7 @@ "MyRestApiProdStage": { "Properties": { "DeploymentId": { - "Ref": "MyRestApiDeployment61887a4eed" + "Ref": "MyRestApiDeployment43c6a2ef1d" }, "MethodSettings": [ { diff --git a/tests/translator/output/separate_route53_recordset_group.json b/tests/translator/output/separate_route53_recordset_group.json index 5575d8d714..dc0b636120 100644 --- a/tests/translator/output/separate_route53_recordset_group.json +++ b/tests/translator/output/separate_route53_recordset_group.json @@ -62,9 +62,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminOneDeploymentdd3f545183": { + "ApiGatewayAdminOneDeployment5f4fcb9347": { "Properties": { - "Description": "RestApi deployment id: dd3f545183668c401e771fd9a377cfeadcf88a35", + "Description": "RestApi deployment id: 5f4fcb9347315a0decaa8f0140aae89cde47f8d1", "RestApiId": { "Ref": "ApiGatewayAdminOne" }, @@ -75,7 +75,7 @@ "ApiGatewayAdminOneProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminOneDeploymentdd3f545183" + "Ref": "ApiGatewayAdminOneDeployment5f4fcb9347" }, "MethodSettings": [ { @@ -130,9 +130,9 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminThreeDeploymentc2e9ae5463": { + "ApiGatewayAdminThreeDeployment6688e0289c": { "Properties": { - "Description": "RestApi deployment id: c2e9ae5463d31ad96611e5aab9b4ddd4fd7bde73", + "Description": "RestApi deployment id: 6688e0289c1446101169a6ba165a416cecf813b6", "RestApiId": { "Ref": "ApiGatewayAdminThree" }, @@ -143,7 +143,7 @@ "ApiGatewayAdminThreeProdStage": { "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminThreeDeploymentc2e9ae5463" + "Ref": "ApiGatewayAdminThreeDeployment6688e0289c" }, "MethodSettings": [ { @@ -200,10 +200,10 @@ }, "Type": "AWS::ApiGateway::BasePathMapping" }, - "ApiGatewayAdminTwoDeployment2a68098964": { + "ApiGatewayAdminTwoDeploymente4496c9f53": { "Condition": "CreateProdResources", "Properties": { - "Description": "RestApi deployment id: 2a6809896451eb172efffcdcd18396e1a83df12a", + "Description": "RestApi deployment id: e4496c9f5342d32f9172f98949d461d993b1c008", "RestApiId": { "Ref": "ApiGatewayAdminTwo" }, @@ -215,7 +215,7 @@ "Condition": "CreateProdResources", "Properties": { "DeploymentId": { - "Ref": "ApiGatewayAdminTwoDeployment2a68098964" + "Ref": "ApiGatewayAdminTwoDeploymente4496c9f53" }, "MethodSettings": [ { @@ -241,7 +241,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -253,7 +253,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, @@ -265,7 +265,7 @@ "REGIONAL" ] }, - "RegionalCertificateArn": "arn::cert::abc" + "RegionalCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc" }, "Type": "AWS::ApiGateway::DomainName" }, diff --git a/tests/translator/output/websocket_api_domain_globals.json b/tests/translator/output/websocket_api_domain_globals.json index 54d7a467d1..1cf431fc25 100644 --- a/tests/translator/output/websocket_api_domain_globals.json +++ b/tests/translator/output/websocket_api_domain_globals.json @@ -197,7 +197,7 @@ "DomainName": "admin.two.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -212,7 +212,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/websocket_api_with_custom_domain_route53_multiple.json b/tests/translator/output/websocket_api_with_custom_domain_route53_multiple.json index 97cfd2abee..d2cd714600 100644 --- a/tests/translator/output/websocket_api_with_custom_domain_route53_multiple.json +++ b/tests/translator/output/websocket_api_with_custom_domain_route53_multiple.json @@ -293,7 +293,7 @@ "DomainName": "admin.two.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -308,7 +308,7 @@ "DomainName": "admin.three.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], @@ -323,7 +323,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/output/websocket_api_with_propagate_tags.json b/tests/translator/output/websocket_api_with_propagate_tags.json index 2371764ee9..3ab837c2bf 100644 --- a/tests/translator/output/websocket_api_with_propagate_tags.json +++ b/tests/translator/output/websocket_api_with_propagate_tags.json @@ -5,7 +5,7 @@ "DomainName": "admin.one.amazon.com", "DomainNameConfigurations": [ { - "CertificateArn": "arn::cert::abc", + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/abc", "EndpointType": "REGIONAL" } ], diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py index 89840cae9f..c1c64e985b 100644 --- a/tests/translator/test_translator.py +++ b/tests/translator/test_translator.py @@ -1169,7 +1169,7 @@ def get_policy_mock(): def get_deployment_key(fragment): - logical_id, value = get_resource_by_type(fragment, "AWS::ApiGateway::Deployment") + logical_id, _value = get_resource_by_type(fragment, "AWS::ApiGateway::Deployment") return logical_id