feat: update L1 CloudFormation resource definitions #29053
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
aws-cdk-automation
force-pushed
the
automation/spec-update
branch
from
e38ff0c
to
cb2ce29
Compare
aws-cdk-automation
added
auto-approve
contribution/core
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
TheRealAmazonKendra
pushed a commit
that referenced
this pull request
Feb 9, 2024
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
**L1 CloudFormation resource definition changes:**
```
├[~] service aws-acmpca
│ └ resources
│ └[~] resource AWS::ACMPCA::CertificateAuthority
│ └ types
│ ├[~] type CrlConfiguration
│ │ ├ - documentation: Contains configuration information for a certificate revocation list (CRL). Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the *Enabled* parameter to `true` . Your private CA writes CRLs to an S3 bucket that you specify in the *S3BucketName* parameter. You can hide the name of your bucket by specifying a value for the *CustomCname* parameter. Your private CA copies the CNAME or the S3 bucket name to the *CRL Distribution Points* extension of each certificate it issues. Your S3 bucket policy must give write permission to AWS Private CA.
│ │ │ AWS Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see [Encrypting Your CRLs](https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption) .
│ │ │ Your private CA uses the value in the *ExpirationInDays* parameter to calculate the *nextUpdate* field in the CRL. The CRL is refreshed prior to a certificate's expiration date or when a certificate is revoked. When a certificate is revoked, it appears in the CRL until the certificate expires, and then in one additional CRL after expiration, and it always appears in the audit report.
│ │ │ A CRL is typically updated approximately 30 minutes after a certificate is revoked. If for any reason a CRL update fails, AWS Private CA makes further attempts every 15 minutes.
│ │ │ CRLs contain the following fields:
│ │ │ - *Version* : The current version number defined in RFC 5280 is V2. The integer value is 0x1.
│ │ │ - *Signature Algorithm* : The name of the algorithm used to sign the CRL.
│ │ │ - *Issuer* : The X.500 distinguished name of your private CA that issued the CRL.
│ │ │ - *Last Update* : The issue date and time of this CRL.
│ │ │ - *Next Update* : The day and time by which the next CRL will be issued.
│ │ │ - *Revoked Certificates* : List of revoked certificates. Each list item contains the following information.
│ │ │ - *Serial Number* : The serial number, in hexadecimal format, of the revoked certificate.
│ │ │ - *Revocation Date* : Date and time the certificate was revoked.
│ │ │ - *CRL Entry Extensions* : Optional extensions for the CRL entry.
│ │ │ - *X509v3 CRL Reason Code* : Reason the certificate was revoked.
│ │ │ - *CRL Extensions* : Optional extensions for the CRL.
│ │ │ - *X509v3 Authority Key Identifier* : Identifies the public key associated with the private key used to sign the certificate.
│ │ │ - *X509v3 CRL Number:* : Decimal sequence number for the CRL.
│ │ │ - *Signature Algorithm* : Algorithm used by your private CA to sign the CRL.
│ │ │ - *Signature Value* : Signature computed over the CRL.
│ │ │ Certificate revocation lists created by AWS Private CA are DER-encoded. You can use the following OpenSSL command to list a CRL.
│ │ │ `openssl crl -inform DER -text -in *crl_path* -noout`
│ │ │ For more information, see [Planning a certificate revocation list (CRL)](https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html) in the *AWS Private Certificate Authority User Guide*
│ │ │ + documentation: Contains configuration information for a certificate revocation list (CRL). Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the *Enabled* parameter to `true` . Your private CA writes CRLs to an S3 bucket that you specify in the *S3BucketName* parameter. You can hide the name of your bucket by specifying a value for the *CustomCname* parameter. Your private CA by default copies the CNAME or the S3 bucket name to the *CRL Distribution Points* extension of each certificate it issues. If you want to configure this default behavior to be something different, you can set the *CrlDistributionPointExtensionConfiguration* parameter. Your S3 bucket policy must give write permission to AWS Private CA.
│ │ │ AWS Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see [Encrypting Your CRLs](https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption) .
│ │ │ Your private CA uses the value in the *ExpirationInDays* parameter to calculate the *nextUpdate* field in the CRL. The CRL is refreshed prior to a certificate's expiration date or when a certificate is revoked. When a certificate is revoked, it appears in the CRL until the certificate expires, and then in one additional CRL after expiration, and it always appears in the audit report.
│ │ │ A CRL is typically updated approximately 30 minutes after a certificate is revoked. If for any reason a CRL update fails, AWS Private CA makes further attempts every 15 minutes.
│ │ │ CRLs contain the following fields:
│ │ │ - *Version* : The current version number defined in RFC 5280 is V2. The integer value is 0x1.
│ │ │ - *Signature Algorithm* : The name of the algorithm used to sign the CRL.
│ │ │ - *Issuer* : The X.500 distinguished name of your private CA that issued the CRL.
│ │ │ - *Last Update* : The issue date and time of this CRL.
│ │ │ - *Next Update* : The day and time by which the next CRL will be issued.
│ │ │ - *Revoked Certificates* : List of revoked certificates. Each list item contains the following information.
│ │ │ - *Serial Number* : The serial number, in hexadecimal format, of the revoked certificate.
│ │ │ - *Revocation Date* : Date and time the certificate was revoked.
│ │ │ - *CRL Entry Extensions* : Optional extensions for the CRL entry.
│ │ │ - *X509v3 CRL Reason Code* : Reason the certificate was revoked.
│ │ │ - *CRL Extensions* : Optional extensions for the CRL.
│ │ │ - *X509v3 Authority Key Identifier* : Identifies the public key associated with the private key used to sign the certificate.
│ │ │ - *X509v3 CRL Number:* : Decimal sequence number for the CRL.
│ │ │ - *Signature Algorithm* : Algorithm used by your private CA to sign the CRL.
│ │ │ - *Signature Value* : Signature computed over the CRL.
│ │ │ Certificate revocation lists created by AWS Private CA are DER-encoded. You can use the following OpenSSL command to list a CRL.
│ │ │ `openssl crl -inform DER -text -in *crl_path* -noout`
│ │ │ For more information, see [Planning a certificate revocation list (CRL)](https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html) in the *AWS Private Certificate Authority User Guide*
│ │ └ properties
│ │ └ CrlDistributionPointExtensionConfiguration: (documentation changed)
│ └[~] type CrlDistributionPointExtensionConfiguration
│ ├ - documentation: Configures the default behavior of the CRL Distribution Point extension for certificates issued by your certificate authority
│ │ + documentation: Contains configuration information for the default behavior of the CRL Distribution Point (CDP) extension in certificates issued by your CA. This extension contains a link to download the CRL, so you can check whether a certificate has been revoked. To choose whether you want this extension omitted or not in certificates issued by your CA, you can set the *OmitExtension* parameter.
│ └ properties
│ └ OmitExtension: (documentation changed)
├[~] service aws-amazonmq
│ └ resources
│ └[~] resource AWS::AmazonMQ::Broker
│ └ types
│ └[~] type User
│ └ properties
│ └ ReplicationUser: (documentation changed)
├[~] service aws-amplifyuibuilder
│ └ resources
│ ├[~] resource AWS::AmplifyUIBuilder::Component
│ │ ├ properties
│ │ │ ├ AppId: - string
│ │ │ │ + string (immutable)
│ │ │ ├ BindingProperties: - Map<string, ComponentBindingPropertiesValue> (required)
│ │ │ │ + Map<string, ComponentBindingPropertiesValue>
│ │ │ ├ ComponentType: - string (required)
│ │ │ │ + string
│ │ │ ├ EnvironmentName: - string
│ │ │ │ + string (immutable)
│ │ │ ├ Name: - string (required)
│ │ │ │ + string
│ │ │ ├ Overrides: - Map<string, Map<string, string>> ⇐ json (required)
│ │ │ │ + Map<string, Map<string, string>> ⇐ json
│ │ │ ├ Properties: - Map<string, ComponentProperty> (required)
│ │ │ │ + Map<string, ComponentProperty>
│ │ │ └ Variants: - Array<ComponentVariant> (required)
│ │ │ + Array<ComponentVariant>
│ │ ├ attributes
│ │ │ ├[+] CreatedAt: string
│ │ │ └[+] ModifiedAt: string
│ │ └ types
│ │ ├[~] type ComponentBindingPropertiesValueProperties
│ │ │ └ properties
│ │ │ └[+] SlotName: string
│ │ ├[~] type ComponentChild
│ │ │ └ properties
│ │ │ └[+] SourceId: string
│ │ ├[~] type ComponentEvent
│ │ │ └ properties
│ │ │ └[+] BindingEvent: string
│ │ └[~] type Predicate
│ │ └ properties
│ │ └[+] OperandType: string
│ ├[~] resource AWS::AmplifyUIBuilder::Form
│ │ ├ properties
│ │ │ ├ AppId: - string
│ │ │ │ + string (immutable)
│ │ │ ├ DataType: - FormDataTypeConfig (required)
│ │ │ │ + FormDataTypeConfig
│ │ │ ├ EnvironmentName: - string
│ │ │ │ + string (immutable)
│ │ │ ├ Fields: - Map<string, FieldConfig> (required)
│ │ │ │ + Map<string, FieldConfig>
│ │ │ ├ FormActionType: - string (required)
│ │ │ │ + string
│ │ │ ├ Name: - string (required)
│ │ │ │ + string
│ │ │ ├ SchemaVersion: - string (required)
│ │ │ │ + string
│ │ │ ├ SectionalElements: - Map<string, SectionalElement> (required)
│ │ │ │ + Map<string, SectionalElement>
│ │ │ └ Style: - FormStyle (required)
│ │ │ + FormStyle
│ │ └ types
│ │ ├[+] type FormInputBindingPropertiesValue
│ │ │ ├ documentation: Represents the data binding configuration for a form's input fields at runtime.You can use `FormInputBindingPropertiesValue` to add exposed properties to a form to allow different values to be entered when a form is reused in different places in an app.
│ │ │ │ name: FormInputBindingPropertiesValue
│ │ │ └ properties
│ │ │ ├Type: string
│ │ │ └BindingProperties: FormInputBindingPropertiesValueProperties
│ │ ├[+] type FormInputBindingPropertiesValueProperties
│ │ │ ├ documentation: Represents the data binding configuration for a specific property using data stored in AWS . For AWS connected properties, you can bind a property to data stored in an Amplify DataStore model.
│ │ │ │ name: FormInputBindingPropertiesValueProperties
│ │ │ └ properties
│ │ │ └Model: string
│ │ ├[~] type FormInputValueProperty
│ │ │ └ properties
│ │ │ ├[+] BindingProperties: FormInputValuePropertyBindingProperties
│ │ │ └[+] Concat: Array<FormInputValueProperty>
│ │ ├[+] type FormInputValuePropertyBindingProperties
│ │ │ ├ documentation: Associates a form property to a binding property. This enables exposed properties on the top level form to propagate data to the form's property values.
│ │ │ │ name: FormInputValuePropertyBindingProperties
│ │ │ └ properties
│ │ │ ├Property: string (required)
│ │ │ └Field: string
│ │ └[~] type ValueMappings
│ │ └ properties
│ │ └[+] BindingProperties: Map<string, FormInputBindingPropertiesValue>
│ └[~] resource AWS::AmplifyUIBuilder::Theme
│ ├ properties
│ │ ├ AppId: - string
│ │ │ + string (immutable)
│ │ ├ EnvironmentName: - string
│ │ │ + string (immutable)
│ │ ├ Name: - string (required)
│ │ │ + string
│ │ └ Values: - Array<ThemeValues> (required)
│ │ + Array<ThemeValues>
│ └ attributes
│ ├[+] CreatedAt: string
│ └[+] ModifiedAt: string
├[~] service aws-apigateway
│ └ resources
│ ├[~] resource AWS::ApiGateway::Deployment
│ │ └ types
│ │ └[~] type StageDescription
│ │ └ properties
│ │ └ CacheClusterEnabled: (documentation changed)
│ └[~] resource AWS::ApiGateway::Stage
│ └ properties
│ └ CacheClusterEnabled: (documentation changed)
├[~] service aws-appconfig
│ └ resources
│ ├[~] resource AWS::AppConfig::Environment
│ │ ├ properties
│ │ │ └ Monitors: - Array<Monitors>
│ │ │ + Array<Monitor> ⇐ Array<Monitors>
│ │ ├ attributes
│ │ │ └[+] EnvironmentId: string
│ │ └ types
│ │ ├[+] type Monitor
│ │ │ ├ documentation: Amazon CloudWatch alarms to monitor during the deployment process.
│ │ │ │ name: Monitor
│ │ │ └ properties
│ │ │ ├AlarmArn: string (required)
│ │ │ └AlarmRoleArn: string
│ │ ├[~] type Monitors
│ │ │ ├ - documentation: Amazon CloudWatch alarms to monitor during the deployment process.
│ │ │ │ + documentation: undefined
│ │ │ └ properties
│ │ │ ├ AlarmArn: (documentation changed)
│ │ │ └ AlarmRoleArn: (documentation changed)
│ │ └[~] type Tags
│ │ ├ - documentation: Metadata to assign to the environment. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define.
│ │ │ + documentation: undefined
│ │ └ properties
│ │ ├ Key: (documentation changed)
│ │ └ Value: (documentation changed)
│ └[~] resource AWS::AppConfig::HostedConfigurationVersion
│ ├ properties
│ │ └ LatestVersionNumber: - number (immutable)
│ │ + integer ⇐ number (immutable)
│ └ attributes
│ └[+] VersionNumber: string
├[~] service aws-appsync
│ └ resources
│ └[~] resource AWS::AppSync::GraphQLApi
│ └ properties
│ └[+] EnvironmentVariables: json
├[~] service aws-autoscaling
│ └ resources
│ └[~] resource AWS::AutoScaling::AutoScalingGroup
│ └ types
│ ├[~] type InstanceMaintenancePolicy
│ │ └ properties
│ │ ├ MaxHealthyPercentage: (documentation changed)
│ │ └ MinHealthyPercentage: (documentation changed)
│ └[~] type InstanceRequirements
│ └ properties
│ ├ MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: (documentation changed)
│ ├ OnDemandMaxPricePercentageOverLowestPrice: (documentation changed)
│ └ SpotMaxPricePercentageOverLowestPrice: (documentation changed)
├[~] service aws-cassandra
│ └ resources
│ ├[~] resource AWS::Cassandra::Keyspace
│ │ └ types
│ │ └[~] type ReplicationSpecification
│ │ └ - documentation: You can use `ReplicationSpecification` to configure the `ReplicationStrategy` of a keyspace in Amazon Keyspaces.
│ │ The `ReplicationSpecification` property is `CreateOnly` and cannot be changed after the keyspace has been created. This property applies automatically to all tables in the keyspace.
│ │ For more information, see [Multi-Region Replication](https://docs.aws.amazon.com/keyspaces/latest/devguide/multiRegion-replication.html) in the *Amazon Keyspaces Developer Guide* .
│ │ + documentation: You can use `ReplicationSpecification` to configure the `ReplicationStrategy` of a keyspace in Amazon Keyspaces .
│ │ The `ReplicationSpecification` property is `CreateOnly` and cannot be changed after the keyspace has been created. This property applies automatically to all tables in the keyspace.
│ │ For more information, see [Multi-Region Replication](https://docs.aws.amazon.com/keyspaces/latest/devguide/multiRegion-replication.html) in the *Amazon Keyspaces Developer Guide* .
│ └[~] resource AWS::Cassandra::Table
│ ├ properties
│ │ ├[+] AutoScalingSpecifications: AutoScalingSpecification
│ │ ├ EncryptionSpecification: (documentation changed)
│ │ └[+] ReplicaSpecifications: Array<ReplicaSpecification>
│ └ types
│ ├[+] type AutoScalingSetting
│ │ ├ documentation: The optional auto scaling settings for a table with provisioned throughput capacity.
│ │ │ To turn on auto scaling for a table in `throughputMode:PROVISIONED` , you must specify the following parameters.
│ │ │ Configure the minimum and maximum capacity units. The auto scaling policy ensures that capacity never goes below the minimum or above the maximum range.
│ │ │ - `minimumUnits` : The minimum level of throughput the table should always be ready to support. The value must be between 1 and the max throughput per second quota for your account (40,000 by default).
│ │ │ - `maximumUnits` : The maximum level of throughput the table should always be ready to support. The value must be between 1 and the max throughput per second quota for your account (40,000 by default).
│ │ │ - `scalingPolicy` : Amazon Keyspaces supports the `target tracking` scaling policy. The auto scaling target is a percentage of the provisioned capacity of the table.
│ │ │ For more information, see [Managing throughput capacity automatically with Amazon Keyspaces auto scaling](https://docs.aws.amazon.com/keyspaces/latest/devguide/autoscaling.html) in the *Amazon Keyspaces Developer Guide* .
│ │ │ name: AutoScalingSetting
│ │ └ properties
│ │ ├AutoScalingDisabled: boolean (default=false)
│ │ ├MinimumUnits: integer
│ │ ├MaximumUnits: integer
│ │ └ScalingPolicy: ScalingPolicy
│ ├[+] type AutoScalingSpecification
│ │ ├ documentation: The optional auto scaling capacity settings for a table in provisioned capacity mode.
│ │ │ name: AutoScalingSpecification
│ │ └ properties
│ │ ├WriteCapacityAutoScaling: AutoScalingSetting
│ │ └ReadCapacityAutoScaling: AutoScalingSetting
│ ├[~] type Column
│ │ └ - documentation: The name and data type of an individual column in a table.
│ │ + documentation: The name and data type of an individual column in a table. In addition to the data type, you can also use the following two keywords:
│ │ - `STATIC` if the table has a clustering column. Static columns store values that are shared by all rows in the same partition.
│ │ - `FROZEN` for collection data types. In frozen collections the values of the collection are serialized into a single immutable value, and Amazon Keyspaces treats them like a `BLOB` .
│ ├[+] type ReplicaSpecification
│ │ ├ documentation: The AWS Region specific settings of a multi-Region table.
│ │ │ For a multi-Region table, you can configure the table's read capacity differently per AWS Region. You can do this by configuring the following parameters.
│ │ │ - `region` : The Region where these settings are applied. (Required)
│ │ │ - `readCapacityUnits` : The provisioned read capacity units. (Optional)
│ │ │ - `readCapacityAutoScaling` : The read capacity auto scaling settings for the table. (Optional)
│ │ │ name: ReplicaSpecification
│ │ └ properties
│ │ ├Region: string (required)
│ │ ├ReadCapacityUnits: integer
│ │ └ReadCapacityAutoScaling: AutoScalingSetting
│ ├[+] type ScalingPolicy
│ │ ├ documentation: Amazon Keyspaces supports the `target tracking` auto scaling policy. With this policy, Amazon Keyspaces auto scaling ensures that the table's ratio of consumed to provisioned capacity stays at or near the target value that you specify. You define the target value as a percentage between 20 and 90.
│ │ │ name: ScalingPolicy
│ │ └ properties
│ │ └TargetTrackingScalingPolicyConfiguration: TargetTrackingScalingPolicyConfiguration
│ └[+] type TargetTrackingScalingPolicyConfiguration
│ ├ documentation: Amazon Keyspaces supports the `target tracking` auto scaling policy for a provisioned table. This policy scales a table based on the ratio of consumed to provisioned capacity. The auto scaling target is a percentage of the provisioned capacity of the table.
│ │ - `targetTrackingScalingPolicyConfiguration` : To define the target tracking policy, you must define the target value.
│ │ - `targetValue` : The target utilization rate of the table. Amazon Keyspaces auto scaling ensures that the ratio of consumed capacity to provisioned capacity stays at or near this value. You define `targetValue` as a percentage. A `double` between 20 and 90. (Required)
│ │ - `disableScaleIn` : A `boolean` that specifies if `scale-in` is disabled or enabled for the table. This parameter is disabled by default. To turn on `scale-in` , set the `boolean` value to `FALSE` . This means that capacity for a table can be automatically scaled down on your behalf. (Optional)
│ │ - `scaleInCooldown` : A cooldown period in seconds between scaling activities that lets the table stabilize before another scale in activity starts. If no value is provided, the default is 0. (Optional)
│ │ - `scaleOutCooldown` : A cooldown period in seconds between scaling activities that lets the table stabilize before another scale out activity starts. If no value is provided, the default is 0. (Optional)
│ │ name: TargetTrackingScalingPolicyConfiguration
│ └ properties
│ ├DisableScaleIn: boolean
│ ├ScaleInCooldown: integer (default=0)
│ ├ScaleOutCooldown: integer (default=0)
│ └TargetValue: integer (required)
├[~] service aws-cloudfront
│ └ resources
│ ├[~] resource AWS::CloudFront::Distribution
│ │ └ types
│ │ └[~] type DefaultCacheBehavior
│ │ └ properties
│ │ └ FunctionAssociations: (documentation changed)
│ ├[~] resource AWS::CloudFront::Function
│ │ └ types
│ │ ├[~] type FunctionConfig
│ │ │ └ properties
│ │ │ └ KeyValueStoreAssociations: (documentation changed)
│ │ └[~] type KeyValueStoreAssociation
│ │ ├ - documentation: The Key Value Store association.
│ │ │ + documentation: The key value store association.
│ │ └ properties
│ │ └ KeyValueStoreARN: (documentation changed)
│ ├[~] resource AWS::CloudFront::KeyValueStore
│ │ ├ - documentation: The Key Value Store. Use this to separate data from function code, allowing you to update data without having to publish a new version of a function. The Key Value Store holds keys and their corresponding values.
│ │ │ + documentation: The key value store. Use this to separate data from function code, allowing you to update data without having to publish a new version of a function. The key value store holds keys and their corresponding values.
│ │ ├ properties
│ │ │ ├ Comment: (documentation changed)
│ │ │ ├ ImportSource: (documentation changed)
│ │ │ └ Name: (documentation changed)
│ │ ├ attributes
│ │ │ ├ Arn: (documentation changed)
│ │ │ ├ Id: (documentation changed)
│ │ │ └ Status: (documentation changed)
│ │ └ types
│ │ └[~] type ImportSource
│ │ ├ - documentation: The import source for the Key Value Store.
│ │ │ + documentation: The import source for the key value store.
│ │ └ properties
│ │ ├ SourceArn: (documentation changed)
│ │ └ SourceType: (documentation changed)
│ ├[~] resource AWS::CloudFront::OriginAccessControl
│ │ └ types
│ │ └[~] type OriginAccessControlConfig
│ │ └ properties
│ │ └ Name: (documentation changed)
│ ├[~] resource AWS::CloudFront::ResponseHeadersPolicy
│ │ └ types
│ │ └[~] type SecurityHeadersConfig
│ │ └ properties
│ │ └ StrictTransportSecurity: (documentation changed)
│ └[~] resource AWS::CloudFront::StreamingDistribution
│ └ attributes
│ └ Id: (documentation changed)
├[~] service aws-codebuild
│ └ resources
│ └[~] resource AWS::CodeBuild::Project
│ └ types
│ └[~] type ProjectFleet
│ ├ - documentation: undefined
│ │ + documentation: Information about the compute fleet of the build project. For more information, see [Working with reserved capacity in AWS CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/fleets.html) .
│ └ properties
│ └ FleetArn: (documentation changed)
├[~] service aws-codestarnotifications
│ └ resources
│ └[~] resource AWS::CodeStarNotifications::NotificationRule
│ ├ - documentation: Creates a notification rule for a resource. The rule specifies the events you want notifications about and the targets (such as AWS Chatbot topics or AWS Chatbot clients configured for Slack) where you want to receive them.
│ │ + documentation: Creates a notification rule for a resource. The rule specifies the events you want notifications about and the targets (such as Amazon Simple Notification Service topics or AWS Chatbot clients configured for Slack) where you want to receive them.
│ ├ properties
│ │ ├ CreatedBy: (documentation changed)
│ │ ├ EventTypeId: (documentation changed)
│ │ ├ TargetAddress: (documentation changed)
│ │ └ Targets: (documentation changed)
│ └ types
│ └[~] type Target
│ └ properties
│ └ TargetType: (documentation changed)
├[~] service aws-cognito
│ └ resources
│ ├[~] resource AWS::Cognito::IdentityPool
│ │ └ attributes
│ │ └ Id: (documentation changed)
│ ├[~] resource AWS::Cognito::IdentityPoolRoleAttachment
│ │ └ types
│ │ └[~] type RoleMapping
│ │ ├ - documentation: `RoleMapping` is a property of the [AWS::Cognito::IdentityPoolRoleAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html) resource that defines the role-mapping attributes of an Amazon Cognito identity pool.
│ │ │ + documentation: One of a set of `RoleMappings` , a property of the [AWS::Cognito::IdentityPoolRoleAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html) resource that defines the role-mapping attributes of an Amazon Cognito identity pool.
│ │ └ properties
│ │ ├ AmbiguousRoleResolution: (documentation changed)
│ │ └ Type: (documentation changed)
│ ├[~] resource AWS::Cognito::UserPool
│ │ ├ properties
│ │ │ └ DeletionProtection: (documentation changed)
│ │ └ types
│ │ ├[~] type LambdaConfig
│ │ │ └ properties
│ │ │ └ PreTokenGenerationConfig: (documentation changed)
│ │ └[~] type PreTokenGenerationConfig
│ │ ├ - documentation: undefined
│ │ │ + documentation: The properties of a pre token generation Lambda trigger.
│ │ └ properties
│ │ ├ LambdaArn: (documentation changed)
│ │ └ LambdaVersion: (documentation changed)
│ ├[~] resource AWS::Cognito::UserPoolClient
│ │ └ attributes
│ │ └ ClientId: (documentation changed)
│ ├[~] resource AWS::Cognito::UserPoolDomain
│ │ └ attributes
│ │ └ Id: (documentation changed)
│ ├[~] resource AWS::Cognito::UserPoolIdentityProvider
│ │ ├ properties
│ │ │ ├ AttributeMapping: - Map<string, string> ⇐ json
│ │ │ │ + json
│ │ │ └ ProviderDetails: - Map<string, string> ⇐ json (required)
│ │ │ + json
│ │ │ (documentation changed)
│ │ └ attributes
│ │ └ Id: (documentation changed)
│ ├[~] resource AWS::Cognito::UserPoolResourceServer
│ │ └ attributes
│ │ └ Id: (documentation changed)
│ ├[~] resource AWS::Cognito::UserPoolRiskConfigurationAttachment
│ │ └ attributes
│ │ └ Id: (documentation changed)
│ ├[~] resource AWS::Cognito::UserPoolUICustomizationAttachment
│ │ └ attributes
│ │ └ Id: (documentation changed)
│ └[~] resource AWS::Cognito::UserPoolUser
│ └ properties
│ └ ClientMetadata: (documentation changed)
├[~] service aws-datasync
│ └ resources
│ └[~] resource AWS::DataSync::Task
│ └ properties
│ └ TaskReportConfig: (documentation changed)
├[~] service aws-dynamodb
│ └ resources
│ ├[~] resource AWS::DynamoDB::GlobalTable
│ │ └ types
│ │ └[~] type KinesisStreamSpecification
│ │ └ properties
│ │ └[+] ApproximateCreationDateTimePrecision: string
│ └[~] resource AWS::DynamoDB::Table
│ └ types
│ └[~] type KinesisStreamSpecification
│ └ properties
│ └[+] ApproximateCreationDateTimePrecision: string
├[~] service aws-ec2
│ └ resources
│ ├[~] resource AWS::EC2::ClientVpnEndpoint
│ │ ├ properties
│ │ │ └[+] ClientRouteMonitoringOptions: ClientRouteMonitoringOptions
│ │ └ types
│ │ └[+] type ClientRouteMonitoringOptions
│ │ ├ name: ClientRouteMonitoringOptions
│ │ └ properties
│ │ └Enabled: boolean
│ ├[~] resource AWS::EC2::EC2Fleet
│ │ └ types
│ │ └[~] type InstanceRequirementsRequest
│ │ └ properties
│ │ ├ OnDemandMaxPricePercentageOverLowestPrice: (documentation changed)
│ │ └ SpotMaxPricePercentageOverLowestPrice: (documentation changed)
│ ├[~] resource AWS::EC2::Instance
│ │ └ types
│ │ ├[~] type ElasticGpuSpecification
│ │ │ └ - documentation: Specifies the type of Elastic GPU. An Elastic GPU is a GPU resource that you can attach to your Amazon EC2 instance to accelerate the graphics performance of your applications. For more information, see [Amazon EC2 Elastic GPUs](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html) in the *Amazon EC2 User Guide for Windows Instances* .
│ │ │ `ElasticGpuSpecification` is a property of the [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) resource.
│ │ │ + documentation: > Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.
│ │ │ Specifies the type of Elastic GPU. An Elastic GPU is a GPU resource that you can attach to your Amazon EC2 instance to accelerate the graphics performance of your applications. For more information, see [Amazon EC2 Elastic GPUs](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html) in the *Amazon EC2 User Guide for Windows Instances* .
│ │ │ `ElasticGpuSpecification` is a property of the [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) resource.
│ │ └[~] type NetworkInterface
│ │ └ properties
│ │ └ AssociatePublicIpAddress: (documentation changed)
│ ├[~] resource AWS::EC2::LaunchTemplate
│ │ └ types
│ │ ├[~] type ElasticGpuSpecification
│ │ │ └ - documentation: Specifies a specification for an Elastic GPU for an Amazon EC2 launch template.
│ │ │ `ElasticGpuSpecification` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html) .
│ │ │ + documentation: > Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.
│ │ │ Specifies a specification for an Elastic GPU for an Amazon EC2 launch template.
│ │ │ `ElasticGpuSpecification` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html) .
│ │ ├[~] type InstanceRequirements
│ │ │ └ properties
│ │ │ ├[+] MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: integer
│ │ │ ├ OnDemandMaxPricePercentageOverLowestPrice: (documentation changed)
│ │ │ └ SpotMaxPricePercentageOverLowestPrice: (documentation changed)
│ │ └[~] type NetworkInterface
│ │ └ properties
│ │ └ AssociatePublicIpAddress: (documentation changed)
│ ├[~] resource AWS::EC2::SecurityGroupIngress
│ │ └ attributes
│ │ └ Id: (documentation changed)
│ ├[~] resource AWS::EC2::SpotFleet
│ │ └ types
│ │ ├[~] type InstanceNetworkInterfaceSpecification
│ │ │ └ properties
│ │ │ └ AssociatePublicIpAddress: (documentation changed)
│ │ └[~] type InstanceRequirementsRequest
│ │ └ properties
│ │ ├ OnDemandMaxPricePercentageOverLowestPrice: (documentation changed)
│ │ └ SpotMaxPricePercentageOverLowestPrice: (documentation changed)
│ ├[~] resource AWS::EC2::Subnet
│ │ └ properties
│ │ └ MapPublicIpOnLaunch: (documentation changed)
│ ├[~] resource AWS::EC2::VPC
│ │ └ - documentation: Specifies a virtual private cloud (VPC).
│ │ You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).
│ │ For more information, see [Virtual private clouds (VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html) in the *Amazon VPC User Guide* .
│ │ + documentation: Specifies a virtual private cloud (VPC).
│ │ To add an IPv6 CIDR block to the VPC, see [AWS::EC2::VPCCidrBlock](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpccidrblock.html) .
│ │ For more information, see [Virtual private clouds (VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html) in the *Amazon VPC User Guide* .
│ └[~] resource AWS::EC2::VPCCidrBlock
│ └ - documentation: Associates a CIDR block with your VPC. You can only associate a single IPv6 CIDR block with your VPC.
│ For more information about associating CIDR blocks with your VPC and applicable restrictions, see [VPC and Subnet Sizing](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing) in the *Amazon VPC User Guide* .
│ + documentation: Associates a CIDR block with your VPC.
│ You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).
│ For more information, see [VPC CIDR blocks](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html) in the *Amazon VPC User Guide* .
├[~] service aws-ecs
│ └ resources
│ ├[~] resource AWS::ECS::Service
│ │ └ types
│ │ └[~] type LoadBalancer
│ │ └ properties
│ │ └ ContainerName: (documentation changed)
│ ├[~] resource AWS::ECS::TaskDefinition
│ │ └ types
│ │ ├[~] type ContainerDefinition
│ │ │ └ properties
│ │ │ ├[+] CredentialSpecs: Array<string>
│ │ │ └ SystemControls: (documentation changed)
│ │ ├[~] type EphemeralStorage
│ │ │ └ - documentation: The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate . For more information, see [Fargate task storage](https://docs.aws.amazon.com/AmazonECS/latest/userguide/using_data_volumes.html) in the *Amazon ECS User Guide for AWS Fargate* .
│ │ │ > For tasks using the Fargate launch type, the task requires the following platforms:
│ │ │ >
│ │ │ > - Linux platform version `1.4.0` or later.
│ │ │ > - Windows platform version `1.0.0` or later.
│ │ │ + documentation: The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate . For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon ECS Developer Guide;* .
│ │ │ > For tasks using the Fargate launch type, the task requires the following platforms:
│ │ │ >
│ │ │ > - Linux platform version `1.4.0` or later.
│ │ │ > - Windows platform version `1.0.0` or later.
│ │ └[~] type SystemControl
│ │ └ - documentation: A list of namespaced kernel parameters to set in the container. This parameter maps to `Sysctls` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the `--sysctl` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) .
│ │ We don't recommend that you specify network-related `systemControls` parameters for multiple containers in a single task. This task also uses either the `awsvpc` or `host` network mode. It does it for the following reasons.
│ │ - For tasks that use the `awsvpc` network mode, if you set `systemControls` for any container, it applies to all containers in the task. If you set different `systemControls` for multiple containers in a single task, the container that's started last determines which `systemControls` take effect.
│ │ - For tasks that use the `host` network mode, the `systemControls` parameter applies to the container instance's kernel parameter and that of all containers of any tasks running on that container instance.
│ │ + documentation: A list of namespaced kernel parameters to set in the container. This parameter maps to `Sysctls` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the `--sysctl` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) . For example, you can configure `net.ipv4.tcp_keepalive_time` setting to maintain longer lived connections.
│ │ We don't recommend that you specify network-related `systemControls` parameters for multiple containers in a single task that also uses either the `awsvpc` or `host` network mode. Doing this has the following disadvantages:
│ │ - For tasks that use the `awsvpc` network mode including Fargate, if you set `systemControls` for any container, it applies to all containers in the task. If you set different `systemControls` for multiple containers in a single task, the container that's started last determines which `systemControls` take effect.
│ │ - For tasks that use the `host` network mode, the network namespace `systemControls` aren't supported.
│ │ If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) .
│ │ - For tasks that use the `host` IPC mode, IPC namespace `systemControls` aren't supported.
│ │ - For tasks that use the `task` IPC mode, IPC namespace `systemControls` values apply to all containers within a task.
│ │ > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version `1.4.0` or later (Linux). This isn't supported for Windows containers on Fargate.
│ └[~] resource AWS::ECS::TaskSet
│ └ types
│ └[~] type LoadBalancer
│ └ properties
│ └ ContainerName: (documentation changed)
├[~] service aws-efs
│ └ resources
│ └[~] resource AWS::EFS::FileSystem
│ └ properties
│ └ PerformanceMode: (documentation changed)
├[~] service aws-elasticloadbalancingv2
│ └ resources
│ ├[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer
│ │ └ properties
│ │ ├ SubnetMappings: (documentation changed)
│ │ └ Subnets: (documentation changed)
│ └[~] resource AWS::ElasticLoadBalancingV2::TargetGroup
│ └ types
│ └[~] type TargetGroupAttribute
│ └ properties
│ └ Key: (documentation changed)
├[~] service aws-fis
│ └ resources
│ └[~] resource AWS::FIS::ExperimentTemplate
│ ├ - documentation: Describes an experiment template.
│ │ + documentation: Specifies an experiment template.
│ │ An experiment template includes the following components:
│ │ - *Targets* : A target can be a specific resource in your AWS environment, or one or more resources that match criteria that you specify, for example, resources that have specific tags.
│ │ - *Actions* : The actions to carry out on the target. You can specify multiple actions, the duration of each action, and when to start each action during an experiment.
│ │ - *Stop conditions* : If a stop condition is triggered while an experiment is running, the experiment is automatically stopped. You can define a stop condition as a CloudWatch alarm.
│ │ For more information, see [Experiment templates](https://docs.aws.amazon.com/fis/latest/userguide/experiment-templates.html) in the *AWS Fault Injection Service User Guide* .
│ └ types
│ ├[~] type ExperimentTemplateAction
│ │ └ - documentation: Describes an action for an experiment template.
│ │ + documentation: Specifies an action for an experiment template.
│ │ For more information, see [Actions](https://docs.aws.amazon.com/fis/latest/userguide/actions.html) in the *AWS Fault Injection Service User Guide* .
│ ├[~] type ExperimentTemplateLogConfiguration
│ │ ├ - documentation: Describes the configuration for experiment logging.
│ │ │ + documentation: Specifies the configuration for experiment logging.
│ │ │ For more information, see [Experiment logging](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html) in the *AWS Fault Injection Service User Guide* .
│ │ └ properties
│ │ ├ CloudWatchLogsConfiguration: (documentation changed)
│ │ └ S3Configuration: (documentation changed)
│ ├[~] type ExperimentTemplateStopCondition
│ │ └ - documentation: Describes a stop condition for an experiment template.
│ │ + documentation: Specifies a stop condition for an experiment template.
│ │ For more information, see [Stop conditions](https://docs.aws.amazon.com/fis/latest/userguide/stop-conditions.html) in the *AWS Fault Injection Service User Guide* .
│ ├[~] type ExperimentTemplateTarget
│ │ ├ - documentation: Describes a target for an experiment template.
│ │ │ + documentation: Specifies a target for an experiment. You must specify at least one Amazon Resource Name (ARN) or at least one resource tag. You cannot specify both ARNs and tags.
│ │ │ For more information, see [Targets](https://docs.aws.amazon.com/fis/latest/userguide/targets.html) in the *AWS Fault Injection Service User Guide* .
│ │ └ properties
│ │ └ Parameters: (documentation changed)
│ └[~] type ExperimentTemplateTargetFilter
│ └ - documentation: Describes a filter used for the target resources in an experiment template.
│ + documentation: Specifies a filter used for the target resource input in an experiment template.
│ For more information, see [Resource filters](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters) in the *AWS Fault Injection Service User Guide* .
├[~] service aws-fsx
│ └ resources
│ ├[~] resource AWS::FSx::DataRepositoryAssociation
│ │ └ properties
│ │ └ Tags: (documentation changed)
│ ├[~] resource AWS::FSx::FileSystem
│ │ ├ properties
│ │ │ ├ StorageCapacity: (documentation changed)
│ │ │ └ Tags: (documentation changed)
│ │ └ types
│ │ ├[~] type LustreConfiguration
│ │ │ └ properties
│ │ │ └ CopyTagsToBackups: (documentation changed)
│ │ └[~] type OntapConfiguration
│ │ └ properties
│ │ ├ HAPairs: (documentation changed)
│ │ └ ThroughputCapacityPerHAPair: (documentation changed)
│ ├[~] resource AWS::FSx::Snapshot
│ │ └ properties
│ │ └ Tags: (documentation changed)
│ └[~] resource AWS::FSx::StorageVirtualMachine
│ ├ properties
│ │ ├ RootVolumeSecurityStyle: (documentation changed)
│ │ └ Tags: (documentation changed)
│ └ types
│ ├[~] type ActiveDirectoryConfiguration
│ │ ├ - documentation: Describes the self-managed Microsoft Active Directory to which you want to join the SVM. Joining an Active Directory provides user authentication and access control for SMB clients, including Microsoft Windows and macOS client accessing the file system.
│ │ │ + documentation: Describes the self-managed Microsoft Active Directory to which you want to join the SVM. Joining an Active Directory provides user authentication and access control for SMB clients, including Microsoft Windows and macOS clients accessing the file system.
│ │ └ properties
│ │ └ SelfManagedActiveDirectoryConfiguration: (documentation changed)
│ └[~] type SelfManagedActiveDirectoryConfiguration
│ └ - documentation: The configuration that Amazon FSx uses to join a FSx for Windows File Server file system or an FSx for ONTAP storage virtual machine (SVM) to a self-managed (including on-premises) Microsoft Active Directory (AD) directory. For more information, see [Using Amazon FSx for Windows with your self-managed Microsoft Active Directory](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/self-managed-AD.html) or [Managing FSx for ONTAP SVMs](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/managing-svms.html) .
│ + documentation: The configuration that Amazon FSx uses to join the ONTAP storage virtual machine (SVM) to your self-managed (including on-premises) Microsoft Active Directory directory.
├[~] service aws-glue
│ └ resources
│ └[+] resource AWS::Glue::TableOptimizer
│ ├ name: TableOptimizer
│ │ cloudFormationType: AWS::Glue::TableOptimizer
│ │ documentation: Resource Type definition for AWS::Glue::TableOptimizer
│ ├ properties
│ │ ├DatabaseName: string (required, immutable)
│ │ ├TableName: string (required, immutable)
│ │ ├Type: string (required, immutable)
│ │ ├TableOptimizerConfiguration: TableOptimizerConfiguration (required)
│ │ └CatalogId: string (required, immutable)
│ ├ attributes
│ │ └Id: string
│ └ types
│ └type TableOptimizerConfiguration
│ ├ name: TableOptimizerConfiguration
│ └ properties
│ ├Enabled: boolean
│ └RoleArn: string
├[~] service aws-guardduty
│ └ resources
│ └[~] resource AWS::GuardDuty::Filter
│ └ attributes
│ └[-] Id: string
├[~] service aws-inspectorv2
│ └ resources
│ └[+] resource AWS::InspectorV2::CisScanConfiguration
│ ├ name: CisScanConfiguration
│ │ cloudFormationType: AWS::InspectorV2::CisScanConfiguration
│ │ documentation: The CIS scan configuration.
│ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│ ├ properties
│ │ ├ScanName: string
│ │ ├SecurityLevel: string
│ │ ├Schedule: Schedule
│ │ ├Targets: CisTargets
│ │ └Tags: Map<string, string>
│ ├ attributes
│ │ └Arn: string
│ └ types
│ ├type Schedule
│ │├ documentation: The schedule the CIS scan configuration runs on. Each CIS scan configuration has exactly one type of schedule.
│ ││ name: Schedule
│ │└ properties
│ │ ├OneTime: json
│ │ ├Daily: DailySchedule
│ │ ├Weekly: WeeklySchedule
│ │ └Monthly: MonthlySchedule
│ ├type DailySchedule
│ │├ documentation: A daily schedule.
│ ││ name: DailySchedule
│ │└ properties
│ │ └StartTime: Time (required)
│ ├type Time
│ │├ documentation: The time.
│ ││ name: Time
│ │└ properties
│ │ ├TimeOfDay: string (required)
│ │ └TimeZone: string (required)
│ ├type WeeklySchedule
│ │├ documentation: A weekly schedule.
│ ││ name: WeeklySchedule
│ │└ properties
│ │ ├StartTime: Time (required)
│ │ └Days: Array<string> (required)
│ ├type MonthlySchedule
│ │├ documentation: A monthly schedule.
│ ││ name: MonthlySchedule
│ │└ properties
│ │ ├StartTime: Time (required)
│ │ └Day: string (required)
│ └type CisTargets
│ ├ documentation: The CIS targets.
│ │ name: CisTargets
│ └ properties
│ ├AccountIds: Array<string> (required)
│ └TargetResourceTags: Map<string, Array<string>>
├[~] service aws-internetmonitor
│ └ resources
│ └[~] resource AWS::InternetMonitor::Monitor
│ └ types
│ ├[~] type InternetMeasurementsLogDelivery
│ │ └ properties
│ │ └ S3Config: (documentation changed)
│ └[~] type S3Config
│ ├ - documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) bucket prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` if you choose to deliver internet measurements to S3 logs, and `DISABLED` otherwise.
│ │ The measurements are also published to Amazon CloudWatch Logs.
│ │ + documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs.
│ └ properties
│ ├ BucketName: (documentation changed)
│ ├ BucketPrefix: (documentation changed)
│ └ LogDeliveryStatus: (documentation changed)
├[~] service aws-iot
│ └ resources
│ └[~] resource AWS::IoT::DomainConfiguration
│ ├ properties
│ │ └[+] ServerCertificateConfig: ServerCertificateConfig
│ └ types
│ └[+] type ServerCertificateConfig
│ ├ name: ServerCertificateConfig
│ └ properties
│ └EnableOCSPCheck: boolean
├[~] service aws-iotwireless
│ └ resources
│ ├[~] resource AWS::IoTWireless::PartnerAccount
│ │ └ properties
│ │ └ SidewalkResponse: (documentation changed)
│ └[~] resource AWS::IoTWireless::WirelessDevice
│ └ types
│ ├[~] type AbpV10x
│ │ ├ - documentation: undefined
│ │ │ + documentation: ABP device object for LoRaWAN specification v1.0.x
│ │ └ properties
│ │ ├ DevAddr: (documentation changed)
│ │ └ SessionKeys: (documentation changed)
│ ├[~] type LoRaWANDevice
│ │ └ properties
│ │ └ AbpV10x: (documentation changed)
│ ├[~] type OtaaV10x
│ │ └ properties
│ │ ├ AppEui: (documentation changed)
│ │ └ AppKey: (documentation changed)
│ └[~] type SessionKeysAbpV10x
│ ├ - documentation: undefined
│ │ + documentation: Session keys for ABP v1.0.x.
│ └ properties
│ ├ AppSKey: (documentation changed)
│ └ NwkSKey: (documentation changed)
├[~] service aws-lambda
│ └ resources
│ ├[~] resource AWS::Lambda::EventInvokeConfig
│ │ └ types
│ │ └[~] type OnFailure
│ │ └ properties
│ │ └ Destination: (documentation changed)
│ └[~] resource AWS::Lambda::EventSourceMapping
│ ├ properties
│ │ └ DestinationConfig: (documentation changed)
│ └ types
│ └[~] type OnFailure
│ └ properties
│ └ Destination: (documentation changed)
├[~] service aws-location
│ └ resources
│ └[~] resource AWS::Location::Map
│ └ types
│ └[~] type MapConfiguration
│ └ properties
│ └ CustomLayers: (documentation changed)
├[~] service aws-logs
│ └ resources
│ ├[~] resource AWS::Logs::AccountPolicy
│ │ └ - documentation: Creates or updates an aaccount-level data protection policy or subscription filter policy that applies to all log groups or a subset of log groups in the account.
│ │ *Data protection policy*
│ │ A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.
│ │ > Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.
│ │ If you create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.
│ │ By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the `logs:Unmask` permission can use a [GetLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html) or [FilterLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) operation with the `unmask` parameter set to `true` to view the unmasked log events. Users with the `logs:Unmask` can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the `unmask` query command.
│ │ For more information, including a list of types of data that can be audited and masked, see [Protect sensitive log data with masking](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html) .
│ │ To create an account-level policy, you must be signed on with the `logs:PutDataProtectionPolicy` and `logs:PutAccountPolicy` permissions.
│ │ An account-level policy applies to all log groups in the account. You can also create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.
│ │ *Subscription filter policy*
│ │ A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other AWS services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams , Kinesis Data Firehose , and Lambda . When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.
│ │ The following destinations are supported for subscription filters:
│ │ - An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
│ │ - An Kinesis Data Firehose data stream in the same account as the subscription policy, for same-account delivery.
│ │ - A Lambda function in the same account as the subscription policy, for same-account delivery.
│ │ - A logical destination in a different account created with [PutDestination](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html) , for cross-account delivery. Kinesis Data Streams and Kinesis Data Firehose are supported as logical destinations.
│ │ Each account can have one account-level subscription filter policy. If you are updating an existing filter, you must specify the correct name in `PolicyName` . To perform a `PutAccountPolicy` subscription filter operation for any destination except a Lambda function, you must also have the `iam:PassRole` permission.
│ │ + documentation: Creates or updates an account-level data protection policy or subscription filter policy that applies to all log groups or a subset of log groups in the account.
│ │ *Data protection policy*
│ │ A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.
│ │ > Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.
│ │ If you create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.
│ │ By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the `logs:Unmask` permission can use a [GetLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html) or [FilterLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) operation with the `unmask` parameter set to `true` to view the unmasked log events. Users with the `logs:Unmask` can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the `unmask` query command.
│ │ For more information, including a list of types of data that can be audited and masked, see [Protect sensitive log data with masking](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html) .
│ │ To create an account-level policy, you must be signed on with the `logs:PutDataProtectionPolicy` and `logs:PutAccountPolicy` permissions.
│ │ An account-level policy applies to all log groups in the account. You can also create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.
│ │ *Subscription filter policy*
│ │ A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other AWS services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams , Kinesis Data Firehose , and Lambda . When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.
│ │ The following destinations are supported for subscription filters:
│ │ - An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
│ │ - An Kinesis Data Firehose data stream in the same account as the subscription policy, for same-account delivery.
│ │ - A Lambda function in the same account as the subscription policy, for same-account delivery.
│ │ - A logical destination in a different account created with [PutDestination](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html) , for cross-account delivery. Kinesis Data Streams and Kinesis Data Firehose are supported as logical destinations.
│ │ Each account can have one account-level subscription filter policy. If you are updating an existing filter, you must specify the correct name in `PolicyName` . To perform a `PutAccountPolicy` subscription filter operation for any destination except a Lambda function, you must also have the `iam:PassRole` permission.
│ └[~] resource AWS::Logs::QueryDefinition
│ └ properties
│ └ Name: (documentation changed)
├[~] service aws-networkmanager
│ └ resources
│ └[~] resource AWS::NetworkManager::Device
│ └ attributes
│ └ CreatedAt: (documentation changed)
├[~] service aws-opensearchserverless
│ └ resources
│ └[~] resource AWS::OpenSearchServerless::Collection
│ └ properties
│ └ StandbyReplicas: (documentation changed)
├[~] service aws-osis
│ └ resources
│ └[~] resource AWS::OSIS::Pipeline
│ ├ properties
│ │ ├ BufferOptions: (documentation changed)
│ │ └ EncryptionAtRestOptions: (documentation changed)
│ └ types
│ ├[~] type BufferOptions
│ │ └ - documentation: Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.
│ │ + documentation: Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the `EncryptionAtRestOptions` . For more information, see [Persistent buffering](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/osis-features-overview.html#persistent-buffering) .
│ ├[~] type CloudWatchLogDestination
│ │ └ properties
│ │ └ LogGroup: (documentation changed)
│ └[~] type EncryptionAtRestOptions
│ ├ - documentation: Options to control how OpenSearch encrypts all data-at-rest.
│ │ + documentation: Options to control how OpenSearch encrypts buffer data.
│ └ properties
│ └ KmsKeyArn: (documentation changed)
├[~] service aws-personalize
│ └ resources
│ └[~] resource AWS::Personalize::Solution
│ └ - documentation: An object that provides information about a solution. A solution is a trained model that can be deployed as a campaign.
│ + documentation: An object that provides information about a solution. A solution includes the custom recipe, customized parameters, and trained models (Solution Versions) that Amazon Personalize uses to generate recommendations.
├[~] service aws-pinpoint
│ └ resources
│ └[~] resource AWS::Pinpoint::EventStream
│ └ properties
│ └ DestinationStreamArn: (documentation changed)
├[~] service aws-rds
│ └ resources
│ ├[~] resource AWS::RDS::DBCluster
│ │ ├ properties
│ │ │ ├ ScalingConfiguration: (documentation changed)
│ │ │ └ ServerlessV2ScalingConfiguration: (documentation changed)
│ │ └ types
│ │ ├[~] type ScalingConfiguration
│ │ │ └ - documentation: The `ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless DB cluster.
│ │ │ For more information, see [Using Amazon Aurora Serverless](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) in the *Amazon Aurora User Guide* .
│ │ │ This property is only supported for Aurora Serverless v1. For Aurora Serverless v2, use `ServerlessV2ScalingConfiguration` property.
│ │ │ Valid for: Aurora DB clusters only
│ │ │ + documentation: The `ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless DB cluster.
│ │ │ For more information, see [Using Amazon Aurora Serverless](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) in the *Amazon Aurora User Guide* .
│ │ │ This property is only supported for Aurora Serverless v1. For Aurora Serverless v2, Use the `ServerlessV2ScalingConfiguration` property.
│ │ │ Valid for: A…
3 tasks
mergify bot
pushed a commit
that referenced
this pull request
Feb 16, 2024
### Issue # (if applicable) Closes #N/A ### Reason for this change v2.127.0 updated the L1 construct for AWS::ECS::TaskDefinition, adding support for the property ContainerDefinitions.CredentialSpecs, [see](#29053). This PR adds support for CredentialSpecs property in the L2 construct used by `Ec2TaskDefinition.addContainer` method. ### Description of changes Added property in L2 construct, updated unit test and added integration test. ### Description of how you validated changes - [x] Unit test updated and validated - [x] Integration test added and validated ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
GavinZZ
pushed a commit
that referenced
this pull request
Feb 22, 2024
### Issue # (if applicable) Closes #N/A ### Reason for this change v2.127.0 updated the L1 construct for AWS::ECS::TaskDefinition, adding support for the property ContainerDefinitions.CredentialSpecs, [see](#29053). This PR adds support for CredentialSpecs property in the L2 construct used by `Ec2TaskDefinition.addContainer` method. ### Description of changes Added property in L2 construct, updated unit test and added integration test. ### Description of how you validated changes - [x] Unit test updated and validated - [x] Integration test added and validated ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates the L1 CloudFormation resource definitions with the latest changes from
@aws-cdk/aws-service-specL1 CloudFormation resource definition changes: