diff --git a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json index 1eac7554cb9b1..ecfb3e6696ca9 100644 --- a/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json +++ b/packages/@aws-cdk/cfnspec/spec-source/cfn-docs/cfn-docs.json @@ -1050,7 +1050,7 @@ "Id": "The ID for the account. For example: `abc123` .", "Ref": "`Ref` returns the ID of the resource, such as `mysta-accou-01234b567890example` ." }, - "description": "The `AWS::ApiGateway::Account` resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs. To avoid overwriting other roles, you should only have one `AWS::ApiGateway::Account` resource per region per account.\n\n> If an API Gateway resource has never been created in your AWS account , you must add a dependency on another API Gateway resource, such as an [AWS::ApiGateway::RestApi](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html) or [AWS::ApiGateway::ApiKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html) resource.\n> \n> If an API Gateway resource has been created in your AWS account , no dependency is required (even if the resource was deleted).", + "description": "The `AWS::ApiGateway::Account` resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs. To avoid overwriting other roles, you should only have one `AWS::ApiGateway::Account` resource per region per account.", "properties": { "CloudWatchRoleArn": "The ARN of an Amazon CloudWatch role for the current Account." } @@ -1843,7 +1843,8 @@ }, "AWS::ApiGatewayV2::RouteResponse": { "attributes": { - "Ref": "`Ref` returns the Route Response resource ID, such as `abc123` ." + "Ref": "`Ref` returns the Route Response resource ID, such as `abc123` .", + "RouteResponseId": "" }, "description": "The `AWS::ApiGatewayV2::RouteResponse` resource creates a route response for a WebSocket API. For more information, see [Set up Route Responses for a WebSocket API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-route-response.html) in the *API Gateway Developer Guide* .", "properties": { @@ -5594,7 +5595,7 @@ }, "AWS::Athena::WorkGroup.CustomerContentEncryptionConfiguration": { "attributes": {}, - "description": "Specifies the KMS key that is used to encrypt the user's data stores in Athena.", + "description": "Specifies the KMS key that is used to encrypt the user's data stores in Athena. This setting does not apply to Athena SQL workgroups.", "properties": { "KmsKey": "The KMS key that is used to encrypt the user's data stores in Athena." } @@ -5631,7 +5632,7 @@ "properties": { "AdditionalConfiguration": "Specifies a user defined JSON string that is passed to the session engine.", "BytesScannedCutoffPerQuery": "The upper limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan. No default is defined.\n\n> This property currently supports integer types. Support for long values is planned.", - "CustomerContentEncryptionConfiguration": "Specifies the KMS key that is used to encrypt the user's data stores in Athena.", + "CustomerContentEncryptionConfiguration": "Specifies the KMS key that is used to encrypt the user's data stores in Athena. This setting does not apply to Athena SQL workgroups.", "EnforceWorkGroupConfiguration": "If set to \"true\", the settings for the workgroup override client-side settings. If set to \"false\", client-side settings are used. For more information, see [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) .", "EngineVersion": "The engine version that all queries running on the workgroup use.", "ExecutionRole": "Role used in an Apache Spark session for accessing the user's resources.", @@ -6583,7 +6584,7 @@ "properties": { "AllocationStrategy": "The allocation strategy to use for the compute resource if not enough instances of the best fitting instance type can be allocated. This might be because of availability of the instance type in the Region or [Amazon EC2 service limits](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html) . For more information, see [Allocation strategies](https://docs.aws.amazon.com/batch/latest/userguide/allocation-strategies.html) in the *AWS Batch User Guide* .\n\nWhen updating a compute environment, changing the allocation strategy requires an infrastructure update of the compute environment. For more information, see [Updating compute environments](https://docs.aws.amazon.com/batch/latest/userguide/updating-compute-environments.html) in the *AWS Batch User Guide* . `BEST_FIT` is not supported when updating a compute environment.\n\n> This parameter isn't applicable to jobs that are running on Fargate resources, and shouldn't be specified. \n\n- **BEST_FIT (default)** - AWS Batch selects an instance type that best fits the needs of the jobs with a preference for the lowest-cost instance type. If additional instances of the selected instance type aren't available, AWS Batch waits for the additional instances to be available. If there aren't enough instances available, or if the user is reaching [Amazon EC2 service limits](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html) then additional jobs aren't run until the currently running jobs have completed. This allocation strategy keeps costs lower but can limit scaling. If you are using Spot Fleets with `BEST_FIT` then the Spot Fleet IAM role must be specified.\n- **BEST_FIT_PROGRESSIVE** - AWS Batch will select additional instance types that are large enough to meet the requirements of the jobs in the queue, with a preference for instance types with a lower cost per unit vCPU. If additional instances of the previously selected instance types aren't available, AWS Batch will select new instance types.\n- **SPOT_CAPACITY_OPTIMIZED** - AWS Batch will select one or more instance types that are large enough to meet the requirements of the jobs in the queue, with a preference for instance types that are less likely to be interrupted. This allocation strategy is only available for Spot Instance compute resources.\n\nWith both `BEST_FIT_PROGRESSIVE` and `SPOT_CAPACITY_OPTIMIZED` allocation strategies using On-Demand or Spot Instances, and the `BEST_FIT` strategy using Spot Instances, AWS Batch might need to go above `maxvCpus` to meet your capacity requirements. In this event, AWS Batch never exceeds `maxvCpus` by more than a single instance.", "BidPercentage": "The maximum percentage that a Spot Instance price can be when compared with the On-Demand price for that instance type before instances are launched. For example, if your maximum percentage is 20%, the Spot price must be less than 20% of the current On-Demand price for that Amazon EC2 instance. You always pay the lowest (market) price and never more than your maximum percentage. For most use cases, we recommend leaving this field empty.\n\nWhen updating a compute environment, changing the bid percentage requires an infrastructure update of the compute environment. For more information, see [Updating compute environments](https://docs.aws.amazon.com/batch/latest/userguide/updating-compute-environments.html) in the *AWS Batch User Guide* .\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.", - "DesiredvCpus": "The desired number of Amazon EC2 vCPUS in the compute environment. AWS Batch modifies this value between the minimum and maximum values based on job queue demand.\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it. > AWS Batch doesn't support changing the desired number of vCPUs of an existing compute environment. Don't specify this parameter for compute environments using Amazon EKS clusters. > When you update the `desiredvCpus` setting, the value must be between the `minvCpus` and `maxvCpus` values.\n> \n> Additionally, the updated `desiredvCpus` value must be greater than or equal to the current `desiredvCpus` value. For more information, see [Troubleshooting AWS Batch](https://docs.aws.amazon.com/batch/latest/userguide/troubleshooting.html#error-desired-vcpus-update) in the *AWS Batch User Guide* .", + "DesiredvCpus": "The desired number of vCPUS in the compute environment. AWS Batch modifies this value between the minimum and maximum values based on job queue demand.\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it. > AWS Batch doesn't support changing the desired number of vCPUs of an existing compute environment. Don't specify this parameter for compute environments using Amazon EKS clusters. > When you update the `desiredvCpus` setting, the value must be between the `minvCpus` and `maxvCpus` values.\n> \n> Additionally, the updated `desiredvCpus` value must be greater than or equal to the current `desiredvCpus` value. For more information, see [Troubleshooting AWS Batch](https://docs.aws.amazon.com/batch/latest/userguide/troubleshooting.html#error-desired-vcpus-update) in the *AWS Batch User Guide* .", "Ec2Configuration": "Provides information used to select Amazon Machine Images (AMIs) for EC2 instances in the compute environment. If `Ec2Configuration` isn't specified, the default is `ECS_AL2` .\n\nWhen updating a compute environment, changing this setting requires an infrastructure update of the compute environment. For more information, see [Updating compute environments](https://docs.aws.amazon.com/batch/latest/userguide/updating-compute-environments.html) in the *AWS Batch User Guide* . To remove the EC2 configuration and any custom AMI ID specified in `imageIdOverride` , set this value to an empty string.\n\nOne or two values can be provided.\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.", "Ec2KeyPair": "The Amazon EC2 key pair that's used for instances launched in the compute environment. You can use this key pair to log in to your instances with SSH. To remove the Amazon EC2 key pair, set this value to an empty string.\n\nWhen updating a compute environment, changing the EC2 key pair requires an infrastructure update of the compute environment. For more information, see [Updating compute environments](https://docs.aws.amazon.com/batch/latest/userguide/updating-compute-environments.html) in the *AWS Batch User Guide* .\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.", "ImageId": "The Amazon Machine Image (AMI) ID used for instances launched in the compute environment. This parameter is overridden by the `imageIdOverride` member of the `Ec2Configuration` structure. To remove the custom AMI ID and use the default AMI ID, set this value to an empty string.\n\nWhen updating a compute environment, changing the AMI ID requires an infrastructure update of the compute environment. For more information, see [Updating compute environments](https://docs.aws.amazon.com/batch/latest/userguide/updating-compute-environments.html) in the *AWS Batch User Guide* .\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it. > The AMI that you choose for a compute environment must match the architecture of the instance types that you intend to use for that compute environment. For example, if your compute environment uses A1 instance types, the compute resource AMI that you choose must support ARM instances. Amazon ECS vends both x86 and ARM versions of the Amazon ECS-optimized Amazon Linux 2 AMI. For more information, see [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#ecs-optimized-ami-linux-variants.html) in the *Amazon Elastic Container Service Developer Guide* .", @@ -6591,7 +6592,7 @@ "InstanceTypes": "The instances types that can be launched. You can specify instance families to launch any instance type within those families (for example, `c5` or `p3` ), or you can specify specific sizes within a family (such as `c5.8xlarge` ). You can also choose `optimal` to select instance types (from the C4, M4, and R4 instance families) that match the demand of your job queues.\n\nWhen updating a compute environment, changing this setting requires an infrastructure update of the compute environment. For more information, see [Updating compute environments](https://docs.aws.amazon.com/batch/latest/userguide/updating-compute-environments.html) in the *AWS Batch User Guide* .\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it. > When you create a compute environment, the instance types that you select for the compute environment must share the same architecture. For example, you can't mix x86 and ARM instances in the same compute environment. > Currently, `optimal` uses instance types from the C4, M4, and R4 instance families. In Regions that don't have instance types from those instance families, instance types from the C5, M5, and R5 instance families are used.", "LaunchTemplate": "The launch template to use for your compute resources. Any other compute resource parameters that you specify in a [CreateComputeEnvironment](https://docs.aws.amazon.com/batch/latest/APIReference/API_CreateComputeEnvironment.html) API operation override the same parameters in the launch template. You must specify either the launch template ID or launch template name in the request, but not both. For more information, see [Launch Template Support](https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html) in the ** . Removing the launch template from a compute environment will not remove the AMI specified in the launch template. In order to update the AMI specified in a launch template, the `updateToLatestImageVersion` parameter must be set to `true` .\n\nWhen updating a compute environment, changing the launch template requires an infrastructure update of the compute environment. For more information, see [Updating compute environments](https://docs.aws.amazon.com/batch/latest/userguide/updating-compute-environments.html) in the ** .\n\n> This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.", "MaxvCpus": "The maximum number of Amazon EC2 vCPUs that an environment can reach.\n\n> With both `BEST_FIT_PROGRESSIVE` and `SPOT_CAPACITY_OPTIMIZED` allocation strategies using On-Demand or Spot Instances, and the `BEST_FIT` strategy using Spot Instances, AWS Batch might need to exceed `maxvCpus` to meet your capacity requirements. In this event, AWS Batch never exceeds `maxvCpus` by more than a single instance. That is, no more than a single instance from among those specified in your compute environment.", - "MinvCpus": "The minimum number of Amazon EC2 vCPUs that an environment should maintain (even if the compute environment is `DISABLED` ).\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.", + "MinvCpus": "The minimum number of vCPUs that an environment should maintain (even if the compute environment is `DISABLED` ).\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.", "PlacementGroup": "The Amazon EC2 placement group to associate with your compute resources. If you intend to submit multi-node parallel jobs to your compute environment, you should consider creating a cluster placement group and associate it with your compute resources. This keeps your multi-node parallel job on a logical grouping of instances within a single Availability Zone with high network flow potential. For more information, see [Placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in the *Amazon EC2 User Guide for Linux Instances* .\n\nWhen updating a compute environment, changing the placement group requires an infrastructure update of the compute environment. For more information, see [Updating compute environments](https://docs.aws.amazon.com/batch/latest/userguide/updating-compute-environments.html) in the *AWS Batch User Guide* .\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.", "SecurityGroupIds": "The Amazon EC2 security groups that are associated with instances launched in the compute environment. This parameter is required for Fargate compute resources, where it can contain up to 5 security groups. For Fargate compute resources, providing an empty list is handled as if this parameter wasn't specified and no change is made. For EC2 compute resources, providing an empty list removes the security groups from the compute resource.\n\nWhen updating a compute environment, changing the EC2 security groups requires an infrastructure update of the compute environment. For more information, see [Updating compute environments](https://docs.aws.amazon.com/batch/latest/userguide/updating-compute-environments.html) in the *AWS Batch User Guide* .", "SpotIamFleetRole": "The Amazon Resource Name (ARN) of the Amazon EC2 Spot Fleet IAM role applied to a `SPOT` compute environment. This role is required if the allocation strategy set to `BEST_FIT` or if the allocation strategy isn't specified. For more information, see [Amazon EC2 spot fleet role](https://docs.aws.amazon.com/batch/latest/userguide/spot_fleet_IAM_role.html) in the *AWS Batch User Guide* .\n\n> This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it. > To tag your Spot Instances on creation, the Spot Fleet IAM role specified here must use the newer *AmazonEC2SpotFleetTaggingRole* managed policy. The previously recommended *AmazonEC2SpotFleetRole* managed policy doesn't have the required permissions to tag Spot Instances. For more information, see [Spot instances not tagged on creation](https://docs.aws.amazon.com/batch/latest/userguide/troubleshooting.html#spot-instance-no-tag) in the *AWS Batch User Guide* .", @@ -8751,6 +8752,7 @@ "description": "Creates a new event data store.", "properties": { "AdvancedEventSelectors": "The advanced event selectors to use to select the events for the data store. You can configure up to five advanced event selectors for each event data store.\n\nFor more information about how to use advanced event selectors to log CloudTrail events, see [Log events by using advanced event selectors](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-advanced) in the CloudTrail User Guide.\n\nFor more information about how to use advanced event selectors to include AWS Config configuration items in your event data store, see [Create an event data store for AWS Config configuration items](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-lake-cli.html#lake-cli-create-eds-config) in the CloudTrail User Guide.\n\nFor more information about how to use advanced event selectors to include non- AWS events in your event data store, see [Create an integration to log events from outside AWS](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-lake-cli.html#lake-cli-create-integration) in the CloudTrail User Guide.", + "IngestionEnabled": "", "KmsKeyId": "Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by `alias/` , a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.\n\n> Disabling or deleting the KMS key, or removing CloudTrail permissions on the key, prevents CloudTrail from logging events to the event data store, and prevents users from querying the data in the event data store that was encrypted with the key. After you associate an event data store with a KMS key, the KMS key cannot be removed or changed. Before you disable or delete a KMS key that you are using with an event data store, delete or back up your event data store. \n\nCloudTrail also supports AWS KMS multi-Region keys. For more information about multi-Region keys, see [Using multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .\n\nExamples:\n\n- `alias/MyAliasName`\n- `arn:aws:kms:us-east-2:123456789012:alias/MyAliasName`\n- `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`\n- `12345678-1234-1234-1234-123456789012`", "MultiRegionEnabled": "Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created.", "Name": "The name of the event data store.", @@ -8774,7 +8776,7 @@ "properties": { "EndsWith": "An operator that includes events that match the last few characters of the event record field specified as the value of `Field` .", "Equals": "An operator that includes events that match the exact value of the event record field specified as the value of `Field` . This is the only valid operator that you can use with the `readOnly` , `eventCategory` , and `resources.type` fields.", - "Field": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set only to `NotEquals` `kms.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`", + "Field": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set only to `NotEquals` `kms.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`", "NotEndsWith": "An operator that excludes events that match the last few characters of the event record field specified as the value of `Field` .", "NotEquals": "An operator that excludes events that match the exact value of the event record field specified as the value of `Field` .", "NotStartsWith": "An operator that excludes events that match the first few characters of the event record field specified as the value of `Field` .", @@ -8799,6 +8801,7 @@ }, "description": "Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket.", "properties": { + "AdvancedEventSelectors": "", "CloudWatchLogsLogGroupArn": "Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered. You must use a log group that exists in your account.\n\nNot required unless you specify `CloudWatchLogsRoleArn` .", "CloudWatchLogsRoleArn": "Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. You must use a role that exists in your account.", "EnableLogFileValidation": "Specifies whether log file validation is enabled. The default is false.\n\n> When you disable log file integrity validation, the chain of digest files is broken after one hour. CloudTrail does not create digest files for log files that were delivered during a period in which log file integrity validation was disabled. For example, if you enable log file integrity validation at noon on January 1, disable it at noon on January 2, and re-enable it at noon on January 10, digest files will not be created for the log files delivered from noon on January 2 to noon on January 10. The same applies whenever you stop CloudTrail logging or delete a trail.", @@ -8816,6 +8819,27 @@ "TrailName": "Specifies the name of the trail. The name must meet the following requirements:\n\n- Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)\n- Start with a letter or number, and end with a letter or number\n- Be between 3 and 128 characters\n- Have no adjacent periods, underscores or dashes. Names like `my-_namespace` and `my--namespace` are not valid.\n- Not be in IP address format (for example, 192.168.5.4)" } }, + "AWS::CloudTrail::Trail.AdvancedEventSelector": { + "attributes": {}, + "description": "Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record \ufb01elds. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* .\n\n- `readOnly`\n- `eventSource`\n- `eventName`\n- `eventCategory`\n- `resources.type`\n- `resources.ARN`\n\nYou cannot apply both event selectors and advanced event selectors to a trail.", + "properties": { + "FieldSelectors": "Contains all selector statements in an advanced event selector.", + "Name": "An optional, descriptive name for an advanced event selector, such as \"Log data events for only two S3 buckets\"." + } + }, + "AWS::CloudTrail::Trail.AdvancedFieldSelector": { + "attributes": {}, + "description": "A single selector statement in an advanced event selector.", + "properties": { + "EndsWith": "An operator that includes events that match the last few characters of the event record field specified as the value of `Field` .", + "Equals": "An operator that includes events that match the exact value of the event record field specified as the value of `Field` . This is the only valid operator that you can use with the `readOnly` , `eventCategory` , and `resources.type` fields.", + "Field": "A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported.\n\nFor CloudTrail event records, supported fields include `readOnly` , `eventCategory` , `eventSource` (for management events), `eventName` , `resources.type` , and `resources.ARN` .\n\nFor event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is `eventCategory` .\n\n- *`readOnly`* - Optional. Can be set to `Equals` a value of `true` or `false` . If you do not add this field, CloudTrail logs both `read` and `write` events. A value of `true` logs only `read` events. A value of `false` logs only `write` events.\n- *`eventSource`* - For filtering management events only. This can be set only to `NotEquals` `kms.amazonaws.com` .\n- *`eventName`* - Can use any operator. You can use it to \ufb01lter in or \ufb01lter out any data event logged to CloudTrail, such as `PutBucket` or `GetSnapshotBlock` . You can have multiple values for this \ufb01eld, separated by commas.\n- *`eventCategory`* - This is required and must be set to `Equals` .\n\n- For CloudTrail event records, the value must be `Management` or `Data` .\n- For AWS Config configuration items, the value must be `ConfigurationItem` .\n- For Audit Manager evidence, the value must be `Evidence` .\n- For non- AWS events, the value must be `ActivityAuditLog` .\n- *`resources.type`* - This \ufb01eld is required for CloudTrail data events. `resources.type` can only use the `Equals` operator, and the value can be one of the following:\n\n- `AWS::DynamoDB::Table`\n- `AWS::Lambda::Function`\n- `AWS::S3::Object`\n- `AWS::CloudTrail::Channel`\n- `AWS::Cognito::IdentityPool`\n- `AWS::DynamoDB::Stream`\n- `AWS::EC2::Snapshot`\n- `AWS::EMRWAL::Workspace`\n- `AWS::FinSpace::Environment`\n- `AWS::Glue::Table`\n- `AWS::GuardDuty::Detector`\n- `AWS::KendraRanking::ExecutionPlan`\n- `AWS::ManagedBlockchain::Node`\n- `AWS::SageMaker::ExperimentTrialComponent`\n- `AWS::SageMaker::FeatureGroup`\n- `AWS::S3::AccessPoint`\n- `AWS::S3ObjectLambda::AccessPoint`\n- `AWS::S3Outposts::Object`\n\nYou can have only one `resources.type` \ufb01eld per selector. To log data events on more than one resource type, add another selector.\n- *`resources.ARN`* - You can use any operator with `resources.ARN` , but if you use `Equals` or `NotEquals` , the value must exactly match the ARN of a valid resource of the type you've speci\ufb01ed in the template as the value of resources.type. For example, if resources.type equals `AWS::S3::Object` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the `StartsWith` operator, and include only the bucket ARN as the matching value.\n\nThe trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.\n\n- `arn::s3:::/`\n- `arn::s3::://`\n\nWhen resources.type equals `AWS::DynamoDB::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table/`\n\nWhen resources.type equals `AWS::Lambda::Function` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::lambda:::function:`\n\nWhen resources.type equals `AWS::CloudTrail::Channel` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cloudtrail:::channel/`\n\nWhen resources.type equals `AWS::Cognito::IdentityPool` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::cognito-identity:::identitypool/`\n\nWhen `resources.type` equals `AWS::DynamoDB::Stream` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::dynamodb:::table//stream/`\n\nWhen `resources.type` equals `AWS::EC2::Snapshot` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::ec2:::snapshot/`\n\nWhen `resources.type` equals `AWS::EMRWAL::Workspace` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::emrwal:::workspace/`\n\nWhen `resources.type` equals `AWS::FinSpace::Environment` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::finspace:::environment/`\n\nWhen `resources.type` equals `AWS::Glue::Table` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::glue:::table//`\n\nWhen `resources.type` equals `AWS::GuardDuty::Detector` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::guardduty:::detector/`\n\nWhen `resources.type` equals `AWS::KendraRanking::ExecutionPlan` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::kendra-ranking:::rescore-execution-plan/`\n\nWhen `resources.type` equals `AWS::ManagedBlockchain::Node` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::managedblockchain:::nodes/`\n\nWhen `resources.type` equals `AWS::SageMaker::ExperimentTrialComponent` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::experiment-trial-component/`\n\nWhen `resources.type` equals `AWS::SageMaker::FeatureGroup` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::sagemaker:::feature-group/`\n\nWhen `resources.type` equals `AWS::S3::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don\u2019t include the object path, and use the `StartsWith` or `NotStartsWith` operators.\n\n- `arn::s3:::accesspoint/`\n- `arn::s3:::accesspoint//object/`\n\nWhen `resources.type` equals `AWS::S3ObjectLambda::AccessPoint` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-object-lambda:::accesspoint/`\n\nWhen `resources.type` equals `AWS::S3Outposts::Object` , and the operator is set to `Equals` or `NotEquals` , the ARN must be in the following format:\n\n- `arn::s3-outposts:::`", + "NotEndsWith": "An operator that excludes events that match the last few characters of the event record field specified as the value of `Field` .", + "NotEquals": "An operator that excludes events that match the exact value of the event record field specified as the value of `Field` .", + "NotStartsWith": "An operator that excludes events that match the first few characters of the event record field specified as the value of `Field` .", + "StartsWith": "An operator that includes events that match the first few characters of the event record field specified as the value of `Field` ." + } + }, "AWS::CloudTrail::Trail.DataResource": { "attributes": {}, "description": "The Amazon S3 buckets, AWS Lambda functions, or Amazon DynamoDB tables that you specify in event selectors in your AWS CloudFormation template for your trail to log data events. Data events provide information about the resource operations performed on or within a resource itself. These are also known as data plane operations. You can specify up to 250 data resources for a trail. Currently, advanced event selectors for data events are not supported in AWS CloudFormation templates.\n\n> The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors. \n\nThe following example demonstrates how logging works when you configure logging of all data events for an S3 bucket named `bucket-1` . In this example, the CloudTrail user specified an empty prefix, and the option to log both `Read` and `Write` data events.\n\n- A user uploads an image file to `bucket-1` .\n- The `PutObject` API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event.\n- A user uploads an object to an Amazon S3 bucket named `arn:aws:s3:::bucket-2` .\n- The `PutObject` API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn\u2019t log the event.\n\nThe following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named *MyLambdaFunction* , but not for all Lambda functions.\n\n- A user runs a script that includes a call to the *MyLambdaFunction* function and the *MyOtherLambdaFunction* function.\n- The `Invoke` API operation on *MyLambdaFunction* is an Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for *MyLambdaFunction* , any invocations of that function are logged. The trail processes and logs the event.\n- The `Invoke` API operation on *MyOtherLambdaFunction* is an Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the `Invoke` operation for *MyOtherLambdaFunction* does not match the function specified for the trail. The trail doesn\u2019t log the event.", @@ -11648,6 +11672,64 @@ "TargetIdentifier": "The ARN of the organizational unit." } }, + "AWS::CustomerProfiles::CalculatedAttributeDefinition": { + "attributes": { + "CreatedAt": "The timestamp of when the calculated attribute definition was created.", + "LastUpdatedAt": "The timestamp of when the calculated attribute definition was most recently edited.", + "Ref": "" + }, + "description": "A calculated attribute definition for Customer Profiles", + "properties": { + "AttributeDetails": "Mathematical expression and a list of attribute items specified in that expression.", + "CalculatedAttributeName": "The name of an attribute defined in a profile object type.", + "Conditions": "The conditions including range, object count, and threshold for the calculated attribute.", + "Description": "The description of the calculated attribute.", + "DisplayName": "The display name of the calculated attribute.", + "DomainName": "The unique name of the domain.", + "Statistic": "The aggregation operation to perform for the calculated attribute.", + "Tags": "An array of key-value pairs to apply to this resource." + } + }, + "AWS::CustomerProfiles::CalculatedAttributeDefinition.AttributeDetails": { + "attributes": {}, + "description": "Mathematical expression and a list of attribute items specified in that expression.", + "properties": { + "Attributes": "Mathematical expression and a list of attribute items specified in that expression.", + "Expression": "Mathematical expression that is performed on attribute items provided in the attribute list. Each element in the expression should follow the structure of \\\"{ObjectTypeName.AttributeName}\\\"." + } + }, + "AWS::CustomerProfiles::CalculatedAttributeDefinition.AttributeItem": { + "attributes": {}, + "description": "The details of a single attribute item specified in the mathematical expression.", + "properties": { + "Name": "The unique name of the calculated attribute." + } + }, + "AWS::CustomerProfiles::CalculatedAttributeDefinition.Conditions": { + "attributes": {}, + "description": "The conditions including range, object count, and threshold for the calculated attribute.", + "properties": { + "ObjectCount": "The number of profile objects used for the calculated attribute.", + "Range": "The relative time period over which data is included in the aggregation.", + "Threshold": "The threshold for the calculated attribute." + } + }, + "AWS::CustomerProfiles::CalculatedAttributeDefinition.Range": { + "attributes": {}, + "description": "The relative time period over which data is included in the aggregation.", + "properties": { + "Unit": "The unit of time.", + "Value": "The amount of time of the specified unit." + } + }, + "AWS::CustomerProfiles::CalculatedAttributeDefinition.Threshold": { + "attributes": {}, + "description": "The threshold for the calculated attribute.", + "properties": { + "Operator": "The operator of the threshold.", + "Value": "The value of the threshold." + } + }, "AWS::CustomerProfiles::Domain": { "attributes": { "CreatedAt": "The timestamp of when the domain was created.", @@ -13636,7 +13718,7 @@ }, "description": "The `AWS::Detective::Graph` resource is an Amazon Detective resource type that creates a Detective behavior graph. The requesting account becomes the administrator account for the behavior graph.", "properties": { - "AutoEnableMembers": "", + "AutoEnableMembers": "Indicates whether to automatically enable new organization accounts as member accounts in the organization behavior graph.\n\nBy default, this property is set to `false` . If you want to change the value of this property, you must be the Detective administrator for the organization. For more information on setting a Detective administrator account, see [AWS::Detective::OrganizationAdmin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-detective-organizationadmin.html)", "Tags": "The tag values to assign to the new behavior graph." } }, @@ -13653,6 +13735,16 @@ "Message": "Customized text to include in the invitation email message." } }, + "AWS::Detective::OrganizationAdmin": { + "attributes": { + "GraphArn": "The ARN of the behavior graph to invite the account to contribute data to.", + "Ref": "`Ref` returns the ARN of the behavior graph and the member account identifier, separated by a pipe character ('|')." + }, + "description": "The `AWS::Detective::OrganizationAdmin` resource is an Amazon Detective resource type that designates the Detective administrator account for the organization in the current region. If the account does not have Detective enabled, then this resource enables Detective for that account and creates a new behavior graph.\n\nThe `AWS::Detective::OrganizationAdmin` resource is currently not available in AWS GovCloud (US) PDT/OSU Regions.", + "properties": { + "AccountId": "The AWS account identifier of the account to designate as the Detective administrator account for the organization." + } + }, "AWS::DevOpsGuru::LogAnomalyDetectionIntegration": { "attributes": { "AccountId": "The account ID associated with the integration of DevOps Guru with CloudWatch log groups for log anomaly detection.", @@ -16151,7 +16243,6 @@ "description": "Describes a network interface in an Amazon EC2 instance for AWS CloudFormation .", "properties": { "Description": "A description for the network interface.", - "EnablePrimaryIpv6": "", "GroupSet": "The security group IDs associated with this network interface.", "InterfaceType": "The type of network interface. The default is `interface` . The supported values are `efa` and `trunk` .", "Ipv6AddressCount": "The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. To specify specific IPv6 addresses, use the `Ipv6Addresses` property and don't specify this property.", @@ -21208,9 +21299,9 @@ }, "AWS::FIS::ExperimentTemplate.CloudWatchLogsConfiguration": { "attributes": {}, - "description": "", + "description": "Specifies the configuration for experiment logging to CloudWatch Logs .", "properties": { - "LogGroupArn": "" + "LogGroupArn": "The Amazon Resource Name (ARN) of the destination Amazon CloudWatch Logs log group." } }, "AWS::FIS::ExperimentTemplate.ExperimentTemplateAction": { @@ -21228,9 +21319,9 @@ "attributes": {}, "description": "Specifies the configuration for experiment logging.\n\nFor more information, see [Experiment logging](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html) in the *AWS Fault Injection Simulator User Guide* .", "properties": { - "CloudWatchLogsConfiguration": "The configuration for experiment logging to Amazon CloudWatch Logs. The supported field is `LogGroupArn` . For example:\n\n`{\"LogGroupArn\": \"aws:arn:logs: *region_name* : *account_id* :log-group: *log_group_name* \"}`", - "LogSchemaVersion": "The schema version. The supported value is 1.", - "S3Configuration": "The configuration for experiment logging to Amazon S3. The following fields are supported:\n\n- `bucketName` - The name of the destination bucket.\n- `prefix` - An optional bucket prefix.\n\nFor example:\n\n`{\"BucketName\": \" *my-s3-bucket* \", \"Prefix\": \" *log-folder* \"}`" + "CloudWatchLogsConfiguration": "The configuration for experiment logging to CloudWatch Logs .", + "LogSchemaVersion": "The schema version.", + "S3Configuration": "The configuration for experiment logging to Amazon S3 ." } }, "AWS::FIS::ExperimentTemplate.ExperimentTemplateStopCondition": { @@ -21263,10 +21354,10 @@ }, "AWS::FIS::ExperimentTemplate.S3Configuration": { "attributes": {}, - "description": "", + "description": "Specifies the configuration for experiment logging to Amazon S3 .", "properties": { - "BucketName": "", - "Prefix": "" + "BucketName": "The name of the destination bucket.", + "Prefix": "The bucket prefix." } }, "AWS::FMS::NotificationChannel": { @@ -22101,19 +22192,19 @@ "properties": { "Name": "A descriptive label that is associated with a build. Build names do not need to be unique.", "OperatingSystem": "The operating system that your game server binaries run on. This value determines the type of fleet resources that you use for this build. If your game build contains multiple executables, they all must run on the same operating system. You must specify a valid operating system in this request. There is no default value. You can't change a build's operating system later.\n\n> If you have active fleets using the Windows Server 2012 operating system, you can continue to create new builds using this OS until October 10, 2023, when Microsoft ends its support. All others must use Windows Server 2016 when creating new Windows-based builds.", - "ServerSdkVersion": "A server SDK version you used when integrating your game server build with Amazon GameLift. For more information see [Integrate games with custom game servers](https://docs.aws.amazon.com/gamelift/latest/developerguide/integration-custom-intro.html) . By default Amazon GameLift sets this value to `4.0.2` .", + "ServerSdkVersion": "The Amazon GameLift Server SDK version used to develop your game server.", "StorageLocation": "Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon GameLift to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region.\n\nIf a `StorageLocation` is specified, the size of your file can be found in your Amazon S3 bucket. Amazon GameLift will report a `SizeOnDisk` of 0.", "Version": "Version information that is associated with this build. Version strings do not need to be unique." } }, "AWS::GameLift::Build.StorageLocation": { "attributes": {}, - "description": "The location in Amazon S3 where build or script files are stored for access by Amazon GameLift.", + "description": "", "properties": { - "Bucket": "An Amazon S3 bucket identifier. Thename of the S3 bucket.\n\n> Amazon GameLift doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).", - "Key": "The name of the zip file that contains the build files or script files.", - "ObjectVersion": "The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from your S3 bucket. To retrieve a specific version of the file, provide an object version. To retrieve the latest version of the file, do not set this parameter.", - "RoleArn": "The Amazon Resource Name ( [ARN](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html) ) for an IAM role that allows Amazon GameLift to access the S3 bucket." + "Bucket": "", + "Key": "", + "ObjectVersion": "", + "RoleArn": "" } }, "AWS::GameLift::Fleet": { @@ -22701,28 +22792,6 @@ "SseAwsKmsKeyId": "The ID of the AWS KMS key to use for encryption at rest." } }, - "AWS::Glue::DataQualityRuleset": { - "attributes": { - "Ref": "" - }, - "description": "The `AWS::Glue::DataQualityRuleset` resource specifies a data quality ruleset with DQDL rules applied to a specified AWS Glue table. For more information, see AWS Glue Data Quality in the AWS Glue Developer Guide.", - "properties": { - "ClientToken": "Used for idempotency and is recommended to be set to a random ID (such as a UUID) to avoid creating or starting multiple instances of the same resource.", - "Description": "A description of the data quality ruleset.", - "Name": "The name of the data quality ruleset.", - "Ruleset": "A Data Quality Definition Language (DQDL) ruleset. For more information see the AWS Glue Developer Guide.", - "Tags": "A list of tags applied to the data quality ruleset.", - "TargetTable": "An object representing an AWS Glue table." - } - }, - "AWS::Glue::DataQualityRuleset.TargetTable": { - "attributes": {}, - "description": "An object representing an AWS Glue table.", - "properties": { - "DatabaseName": "The name of the database where the AWS Glue table exists.", - "TableName": "The name of the AWS Glue table." - } - }, "AWS::Glue::Database": { "attributes": { "Ref": "`Ref` returns the database name." @@ -22848,6 +22917,7 @@ "properties": { "Name": "The name of the job command. For an Apache Spark ETL job, this must be `glueetl` . For a Python shell job, it must be `pythonshell` . For an Apache Spark streaming ETL job, this must be `gluestreaming` .", "PythonVersion": "The Python version being used to execute a Python shell job. Allowed values are 3 or 3.9. Version 2 is deprecated.", + "Runtime": "", "ScriptLocation": "Specifies the Amazon Simple Storage Service (Amazon S3) path to a script that executes a job (required)." } }, @@ -24585,7 +24655,7 @@ "attributes": { "Ref": "`Ref` returns the unique ID of the detector." }, - "description": "The `AWS::GuardDuty::Detector` resource specifies a new detector. A detector is an object that represents the service. A detector is required for to become operational.\n\nMake sure you use either `DataSources` or `Features` in a one request, and not both.", + "description": "The `AWS::GuardDuty::Detector` resource specifies a new GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector is required for GuardDuty to become operational.\n\nMake sure you use either `DataSources` or `Features` in a one request, and not both.", "properties": { "DataSources": "Describes which data sources will be enabled for the detector.", "Enable": "Specifies whether the detector is to be enabled on creation.", @@ -24672,7 +24742,7 @@ }, "AWS::GuardDuty::Filter.Condition": { "attributes": {}, - "description": "Specifies the condition to apply to a single field when filtering through findings.", + "description": "Specifies the condition to apply to a single field when filtering through GuardDuty findings.", "properties": { "Eq": "Represents the equal condition to apply to a single field when querying for findings.", "Equals": "Represents an *equal* ** condition to be applied to a single field when querying for findings.", @@ -24702,7 +24772,7 @@ }, "description": "The `AWS::GuardDuty::IPSet` resource specifies a new `IPSet` . An `IPSet` is a list of trusted IP addresses from which secure communication is allowed with AWS infrastructure and applications.", "properties": { - "Activate": "Indicates whether or not uses the `IPSet` .", + "Activate": "Indicates whether or not GuardDuty uses the `IPSet` .", "DetectorId": "The unique ID of the detector of the GuardDuty account that you want to create an IPSet for.", "Format": "The format of the file that contains the IPSet.", "Location": "The URI of the file that contains the IPSet.", @@ -24712,22 +24782,22 @@ }, "AWS::GuardDuty::Master": { "attributes": { - "Ref": "`Ref` returns the unique ID of the administrator account, such as 012345678901." + "Ref": "`Ref` returns the unique ID of the GuardDuty administrator account, such as 012345678901." }, - "description": "You can use the `AWS::GuardDuty::Master` resource in a member account to accept an invitation from a administrator account. The invitation to the member account must be sent prior to using the `AWS::GuardDuty::Master` resource to accept the administrator account's invitation. You can invite a member account by using the `InviteMembers` operation of the API, or by creating an `AWS::GuardDuty::Member` resource.", + "description": "You can use the `AWS::GuardDuty::Master` resource in a GuardDuty member account to accept an invitation from a GuardDuty administrator account. The invitation to the member account must be sent prior to using the `AWS::GuardDuty::Master` resource to accept the administrator account's invitation. You can invite a member account by using the `InviteMembers` operation of the GuardDuty API, or by creating an `AWS::GuardDuty::Member` resource.", "properties": { "DetectorId": "The unique ID of the detector of the GuardDuty member account.", - "InvitationId": "The ID of the invitation that is sent to the account designated as a member account. You can find the invitation ID by using the ListInvitation action of the API.", - "MasterId": "The AWS account ID of the account designated as the administrator account." + "InvitationId": "The ID of the invitation that is sent to the account designated as a member account. You can find the invitation ID by using the ListInvitation action of the GuardDuty API.", + "MasterId": "The AWS account ID of the account designated as the GuardDuty administrator account." } }, "AWS::GuardDuty::Member": { "attributes": { - "Ref": "`Ref` returns the unique ID of the member account, such as 012345678901." + "Ref": "`Ref` returns the unique ID of the GuardDuty member account, such as 012345678901." }, - "description": "You can use the `AWS::GuardDuty::Member` resource to add an AWS account as a member account to the current administrator account. If the value of the `Status` property is not provided or is set to `Created` , a member account is created but not invited. If the value of the `Status` property is set to `Invited` , a member account is created and invited. An `AWS::GuardDuty::Member` resource must be created with the `Status` property set to `Invited` before the `AWS::GuardDuty::Master` resource can be created in a member account.", + "description": "You can use the `AWS::GuardDuty::Member` resource to add an AWS account as a GuardDuty member account to the current GuardDuty administrator account. If the value of the `Status` property is not provided or is set to `Created` , a member account is created but not invited. If the value of the `Status` property is set to `Invited` , a member account is created and invited. An `AWS::GuardDuty::Member` resource must be created with the `Status` property set to `Invited` before the `AWS::GuardDuty::Master` resource can be created in a GuardDuty member account.", "properties": { - "DetectorId": "The ID of the detector associated with the service to add the member to.", + "DetectorId": "The ID of the detector associated with the GuardDuty service to add the member to.", "DisableEmailNotification": "Specifies whether or not to disable email notification for the member account that you invite.", "Email": "The email address associated with the member account.", "MemberId": "The AWS account ID of the account to designate as a member.", @@ -24739,7 +24809,7 @@ "attributes": { "Ref": "`Ref` returns the unique ID of the `ThreatIntelSet` ." }, - "description": "The `AWS::GuardDuty::ThreatIntelSet` resource specifies a new `ThreatIntelSet` . A `ThreatIntelSet` consists of known malicious IP addresses. generates findings based on the `ThreatIntelSet` when it is activated.", + "description": "The `AWS::GuardDuty::ThreatIntelSet` resource specifies a new `ThreatIntelSet` . A `ThreatIntelSet` consists of known malicious IP addresses. GuardDuty generates findings based on the `ThreatIntelSet` when it is activated.", "properties": { "Activate": "A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.", "DetectorId": "The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.", @@ -27906,109 +27976,109 @@ }, "AWS::IoTFleetWise::Campaign": { "attributes": { - "Arn": "", - "CreationTime": "", - "LastModificationTime": "", - "Ref": "", - "Status": "" + "Arn": "The Amazon Resource Name (ARN) of the campaign.", + "CreationTime": "The time the campaign was created in seconds since epoch (January 1, 1970 at midnight UTC time).", + "LastModificationTime": "The last time the campaign was modified.", + "Ref": "`Ref` returns the Name.", + "Status": "The state of the campaign. The status can be one of: `CREATING` , `WAITING_FOR_APPROVAL` , `RUNNING` , and `SUSPENDED` ." }, "description": "Creates an orchestration of data collection rules. The AWS IoT FleetWise Edge Agent software running in vehicles uses campaigns to decide how to collect and transfer data to the cloud. You create campaigns in the cloud. After you or your team approve campaigns, AWS IoT FleetWise automatically deploys them to vehicles.\n\nFor more information, see [Collect and transfer data with campaigns](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/campaigns.html) in the *AWS IoT FleetWise Developer Guide* .", "properties": { - "Action": "", - "CollectionScheme": "", - "Compression": "", - "DataDestinationConfigs": "", - "DataExtraDimensions": "", - "Description": "The description of the campaign.", - "DiagnosticsMode": "", - "ExpiryTime": "", + "Action": "Specifies how to update a campaign. The action can be one of the following:\n\n- `APPROVE` - To approve delivering a data collection scheme to vehicles.\n- `SUSPEND` - To suspend collecting signal data. The campaign is deleted from vehicles and all vehicles in the suspended campaign will stop sending data.\n- `RESUME` - To reactivate the `SUSPEND` campaign. The campaign is redeployed to all vehicles and the vehicles will resume sending data.\n- `UPDATE` - To update a campaign.", + "CollectionScheme": "The data collection scheme associated with the campaign. You can specify a scheme that collects data based on time or an event.", + "Compression": "(Optional) Whether to compress signals before transmitting data to AWS IoT FleetWise . If you don't want to compress the signals, use `OFF` . If it's not specified, `SNAPPY` is used.\n\nDefault: `SNAPPY`", + "DataDestinationConfigs": "(Optional) The destination where the campaign sends data. You can choose to send data to be stored in Amazon S3 or Amazon Timestream .\n\nAmazon S3 optimizes the cost of data storage and provides additional mechanisms to use vehicle data, such as data lakes, centralized data storage, data processing pipelines, and analytics. AWS IoT FleetWise supports at-least-once file delivery to S3. Your vehicle data is stored on multiple AWS IoT FleetWise servers for redundancy and high availability.\n\nYou can use Amazon Timestream to access and analyze time series data, and Timestream to query vehicle data so that you can identify trends and patterns.", + "DataExtraDimensions": "(Optional) A list of vehicle attributes to associate with a campaign.\n\nEnrich the data with specified vehicle attributes. For example, add `make` and `model` to the campaign, and AWS IoT FleetWise will associate the data with those attributes as dimensions in Amazon Timestream . You can then query the data against `make` and `model` .\n\nDefault: An empty array", + "Description": "(Optional) The description of the campaign.", + "DiagnosticsMode": "(Optional) Option for a vehicle to send diagnostic trouble codes to AWS IoT FleetWise . If you want to send diagnostic trouble codes, use `SEND_ACTIVE_DTCS` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", + "ExpiryTime": "(Optional) The time the campaign expires, in seconds since epoch (January 1, 1970 at midnight UTC time). Vehicle data isn't collected after the campaign expires.\n\nDefault: 253402214400 (December 31, 9999, 00:00:00 UTC)", "Name": "The name of a campaign.", - "PostTriggerCollectionDuration": "", - "Priority": "", - "SignalCatalogArn": "The ARN of the signal catalog associated with the campaign.", - "SignalsToCollect": "", - "SpoolingMode": "", - "StartTime": "", - "Tags": "", - "TargetArn": "The ARN of a vehicle or fleet to which the campaign is deployed." + "PostTriggerCollectionDuration": "(Optional) How long (in milliseconds) to collect raw data after a triggering event initiates the collection. If it's not specified, `0` is used.\n\nDefault: `0`", + "Priority": "(Optional) A number indicating the priority of one campaign over another campaign for a certain vehicle or fleet. A campaign with the lowest value is deployed to vehicles before any other campaigns. If it's not specified, `0` is used.\n\nDefault: `0`", + "SignalCatalogArn": "The Amazon Resource Name (ARN) of the signal catalog associated with the campaign.", + "SignalsToCollect": "(Optional) A list of information about signals to collect.", + "SpoolingMode": "(Optional) Whether to store collected data after a vehicle lost a connection with the cloud. After a connection is re-established, the data is automatically forwarded to AWS IoT FleetWise . If you want to store collected data when a vehicle loses connection with the cloud, use `TO_DISK` . If it's not specified, `OFF` is used.\n\nDefault: `OFF`", + "StartTime": "(Optional) The time, in milliseconds, to deliver a campaign after it was approved. If it's not specified, `0` is used.\n\nDefault: `0`", + "Tags": "(Optional) Metadata that can be used to manage the campaign.", + "TargetArn": "The Amazon Resource Name (ARN) of a vehicle or fleet to which the campaign is deployed." } }, "AWS::IoTFleetWise::Campaign.CollectionScheme": { "attributes": {}, "description": "Specifies what data to collect and how often or when to collect it.", "properties": { - "ConditionBasedCollectionScheme": "", - "TimeBasedCollectionScheme": "" + "ConditionBasedCollectionScheme": "(Optional) Information about a collection scheme that uses a simple logical expression to recognize what data to collect.", + "TimeBasedCollectionScheme": "(Optional) Information about a collection scheme that uses a time period to decide how often to collect data." } }, "AWS::IoTFleetWise::Campaign.ConditionBasedCollectionScheme": { "attributes": {}, - "description": "", + "description": "Information about a collection scheme that uses a simple logical expression to recognize what data to collect.", "properties": { - "ConditionLanguageVersion": "", - "Expression": "", - "MinimumTriggerIntervalMs": "", - "TriggerMode": "" + "ConditionLanguageVersion": "(Optional) Specifies the version of the conditional expression language.", + "Expression": "The logical expression used to recognize what data to collect. For example, `$variable.Vehicle.OutsideAirTemperature >= 105.0` .", + "MinimumTriggerIntervalMs": "(Optional) The minimum duration of time between two triggering events to collect data, in milliseconds.\n\n> If a signal changes often, you might want to collect data at a slower rate.", + "TriggerMode": "(Optional) Whether to collect data for all triggering events ( `ALWAYS` ). Specify ( `RISING_EDGE` ), or specify only when the condition first evaluates to false. For example, triggering on \"AirbagDeployed\"; Users aren't interested on triggering when the airbag is already exploded; they only care about the change from not deployed => deployed." } }, "AWS::IoTFleetWise::Campaign.DataDestinationConfig": { "attributes": {}, - "description": "", + "description": "The destination where the AWS IoT FleetWise campaign sends data. You can send data to be stored in Amazon S3 or Amazon Timestream .", "properties": { - "S3Config": "", - "TimestreamConfig": "" + "S3Config": "(Optional) The Amazon S3 bucket where the AWS IoT FleetWise campaign sends data.", + "TimestreamConfig": "(Optional) The Amazon Timestream table where the campaign sends data." } }, "AWS::IoTFleetWise::Campaign.S3Config": { "attributes": {}, - "description": "", + "description": "The Amazon S3 bucket where the AWS IoT FleetWise campaign sends data. Amazon S3 is an object storage service that stores data as objects within buckets. For more information, see [Creating, configuring, and working with Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) in the *Amazon Simple Storage Service User Guide* .", "properties": { - "BucketArn": "", - "DataFormat": "", - "Prefix": "", - "StorageCompressionFormat": "" + "BucketArn": "The Amazon Resource Name (ARN) of the Amazon S3 bucket.", + "DataFormat": "(Optional) Specify the format that files are saved in the Amazon S3 bucket. You can save files in an Apache Parquet or JSON format.\n\n- Parquet - Store data in a columnar storage file format. Parquet is optimal for fast data retrieval and can reduce costs. This option is selected by default.\n- JSON - Store data in a standard text-based JSON file format.", + "Prefix": "(Optional) Enter an S3 bucket prefix. The prefix is the string of characters after the bucket name and before the object name. You can use the prefix to organize data stored in Amazon S3 buckets. For more information, see [Organizing objects using prefixes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-prefixes.html) in the *Amazon Simple Storage Service User Guide* .\n\nBy default, AWS IoT FleetWise sets the prefix `processed-data/year=YY/month=MM/date=DD/hour=HH/` (in UTC) to data it delivers to Amazon S3 . You can enter a prefix to append it to this default prefix. For example, if you enter the prefix `vehicles` , the prefix will be `vehicles/processed-data/year=YY/month=MM/date=DD/hour=HH/` .", + "StorageCompressionFormat": "(Optional) By default, stored data is compressed as a .gzip file. Compressed files have a reduced file size, which can optimize the cost of data storage." } }, "AWS::IoTFleetWise::Campaign.SignalInformation": { "attributes": {}, "description": "Information about a signal.", "properties": { - "MaxSampleCount": "The maximum number of samples to collect.", - "MinimumSamplingIntervalMs": "The minimum duration of time (in milliseconds) between two triggering events to collect data.\n\n> If a signal changes often, you might want to collect data at a slower rate.", + "MaxSampleCount": "(Optional) The maximum number of samples to collect.", + "MinimumSamplingIntervalMs": "(Optional) The minimum duration of time (in milliseconds) between two triggering events to collect data.\n\n> If a signal changes often, you might want to collect data at a slower rate.", "Name": "The name of the signal." } }, "AWS::IoTFleetWise::Campaign.TimeBasedCollectionScheme": { "attributes": {}, - "description": "", + "description": "Information about a collection scheme that uses a time period to decide how often to collect data.", "properties": { - "PeriodMs": "" + "PeriodMs": "The time period (in milliseconds) to decide how often to collect data. For example, if the time period is `60000` , the Edge Agent software collects data once every minute." } }, "AWS::IoTFleetWise::Campaign.TimestreamConfig": { "attributes": {}, - "description": "", + "description": "The Amazon Timestream table where the AWS IoT FleetWise campaign sends data. Timestream stores and organizes data to optimize query processing time and to reduce storage costs. For more information, see [Data modeling](https://docs.aws.amazon.com/timestream/latest/developerguide/data-modeling.html) in the *Amazon Timestream Developer Guide* .", "properties": { - "ExecutionRoleArn": "", - "TimestreamTableArn": "" + "ExecutionRoleArn": "The Amazon Resource Name (ARN) of the task execution role that grants AWS IoT FleetWise permission to deliver data to the Amazon Timestream table.", + "TimestreamTableArn": "The Amazon Resource Name (ARN) of the Amazon Timestream table." } }, "AWS::IoTFleetWise::DecoderManifest": { "attributes": { - "Arn": "", - "CreationTime": "", - "LastModificationTime": "", - "Ref": "" + "Arn": "The Amazon Resource Name (ARN) of the decoder manifest.", + "CreationTime": "The time the decoder manifest was created in seconds since epoch (January 1, 1970 at midnight UTC time).", + "LastModificationTime": "The time the decoder manifest was last updated in seconds since epoch (January 1, 1970 at midnight UTC time).", + "Ref": "`Ref` returns the Name." }, "description": "Creates the decoder manifest associated with a model manifest. To create a decoder manifest, the following must be true:\n\n- Every signal decoder has a unique name.\n- Each signal decoder is associated with a network interface.\n- Each network interface has a unique ID.\n- The signal decoders are specified in the model manifest.", "properties": { - "Description": "A brief description of the decoder manifest.", - "ModelManifestArn": "The ARN of a vehicle model (model manifest) associated with the decoder manifest.", + "Description": "(Optional) A brief description of the decoder manifest.", + "ModelManifestArn": "The Amazon Resource Name (ARN) of a vehicle model (model manifest) associated with the decoder manifest.", "Name": "The name of the decoder manifest.", - "NetworkInterfaces": "", - "SignalDecoders": "", - "Status": "The state of the decoder manifest. If the status is `ACTIVE` , the decoder manifest can't be edited. If the status is marked `DRAFT` , you can edit the decoder manifest.", - "Tags": "" + "NetworkInterfaces": "(Optional) A list of information about available network interfaces.", + "SignalDecoders": "(Optional) A list of information about signal decoders.", + "Status": "(Optional) The state of the decoder manifest. If the status is `ACTIVE` , the decoder manifest can't be edited. If the status is marked `DRAFT` , you can edit the decoder manifest.", + "Tags": "(Optional) Metadata that can be used to manage the decoder manifest." } }, "AWS::IoTFleetWise::DecoderManifest.CanInterface": { @@ -28016,55 +28086,55 @@ "description": "A single controller area network (CAN) device interface.", "properties": { "Name": "The unique name of the interface.", - "ProtocolName": "The name of the communication protocol for the interface.", - "ProtocolVersion": "The version of the communication protocol for the interface." + "ProtocolName": "(Optional) The name of the communication protocol for the interface.", + "ProtocolVersion": "(Optional) The version of the communication protocol for the interface." } }, "AWS::IoTFleetWise::DecoderManifest.CanSignal": { "attributes": {}, - "description": "Information about a single controller area network (CAN) signal and the messages it receives and transmits.", + "description": "(Optional) Information about a single controller area network (CAN) signal and the messages it receives and transmits.", "properties": { "Factor": "A multiplier used to decode the CAN message.", "IsBigEndian": "Whether the byte ordering of a CAN message is big-endian.", "IsSigned": "Whether the message data is specified as a signed value.", "Length": "How many bytes of data are in the message.", "MessageId": "The ID of the message.", - "Name": "The name of the signal.", - "Offset": "Indicates where data appears in the CAN message.", + "Name": "(Optional) The name of the signal.", + "Offset": "The offset used to calculate the signal value. Combined with factor, the calculation is `value = raw_value * factor + offset` .", "StartBit": "Indicates the beginning of the CAN message." } }, "AWS::IoTFleetWise::DecoderManifest.NetworkInterfacesItems": { "attributes": {}, - "description": "", + "description": "(Optional) A list of information about available network interfaces.", "properties": { - "CanInterface": "", - "InterfaceId": "", - "ObdInterface": "", - "Type": "" + "CanInterface": "(Optional) Information about a network interface specified by the Controller Area Network (CAN) protocol.", + "InterfaceId": "The ID of the network interface.", + "ObdInterface": "(Optional) Information about a network interface specified by the On-board diagnostic (OBD) II protocol.", + "Type": "The network protocol for the vehicle. For example, `CAN_SIGNAL` specifies a protocol that defines how data is communicated between electronic control units (ECUs). `OBD_SIGNAL` specifies a protocol that defines how self-diagnostic data is communicated between ECUs." } }, "AWS::IoTFleetWise::DecoderManifest.ObdInterface": { "attributes": {}, "description": "A network interface that specifies the On-board diagnostic (OBD) II network protocol.", "properties": { - "DtcRequestIntervalSeconds": "The maximum number message requests per diagnostic trouble code per second.", - "HasTransmissionEcu": "Whether the vehicle has a transmission control module (TCM).", + "DtcRequestIntervalSeconds": "(Optional) The maximum number message requests per diagnostic trouble code per second.", + "HasTransmissionEcu": "(Optional) Whether the vehicle has a transmission control module (TCM).", "Name": "The name of the interface.", - "ObdStandard": "The standard OBD II PID.", - "PidRequestIntervalSeconds": "The maximum number message requests per second.", + "ObdStandard": "(Optional) The standard OBD II PID.", + "PidRequestIntervalSeconds": "(Optional) The maximum number message requests per second.", "RequestMessageId": "The ID of the message requesting vehicle data.", - "UseExtendedIds": "Whether to use extended IDs in the message." + "UseExtendedIds": "(Optional) Whether to use extended IDs in the message." } }, "AWS::IoTFleetWise::DecoderManifest.ObdSignal": { "attributes": {}, "description": "Information about signal messages using the on-board diagnostics (OBD) II protocol in a vehicle.", "properties": { - "BitMaskLength": "The number of bits to mask in a message.", - "BitRightShift": "The number of positions to shift bits in the message.", + "BitMaskLength": "(Optional) The number of bits to mask in a message.", + "BitRightShift": "(Optional) The number of positions to shift bits in the message.", "ByteLength": "The length of a message.", - "Offset": "Indicates where data appears in the message.", + "Offset": "The offset used to calculate the signal value. Combined with scaling, the calculation is `value = raw_value * scaling + offset` .", "Pid": "The diagnostic code used to request data from a vehicle for this signal.", "PidResponseLength": "The length of the requested data.", "Scaling": "A multiplier used to decode the message.", @@ -28074,102 +28144,102 @@ }, "AWS::IoTFleetWise::DecoderManifest.SignalDecodersItems": { "attributes": {}, - "description": "", + "description": "Information about a signal decoder.", "properties": { - "CanSignal": "", - "FullyQualifiedName": "", - "InterfaceId": "", - "ObdSignal": "", - "Type": "" + "CanSignal": "(Optional) Information about a single controller area network (CAN) signal and the messages it receives and transmits.", + "FullyQualifiedName": "The fully qualified name of a signal decoder as defined in a vehicle model.", + "InterfaceId": "The ID of a network interface that specifies what network protocol a vehicle follows.", + "ObdSignal": "(Optional) Information about signal messages using the on-board diagnostics (OBD) II protocol in a vehicle.", + "Type": "The network protocol for the vehicle. For example, `CAN_SIGNAL` specifies a protocol that defines how data is communicated between electronic control units (ECUs). `OBD_SIGNAL` specifies a protocol that defines how self-diagnostic data is communicated between ECUs." } }, "AWS::IoTFleetWise::Fleet": { "attributes": { - "Arn": "", - "CreationTime": "", - "LastModificationTime": "", - "Ref": "" + "Arn": "The Amazon Resource Name (ARN) of the created fleet.", + "CreationTime": "The time the fleet was created in seconds since epoch (January 1, 1970 at midnight UTC time).", + "LastModificationTime": "The time the fleet was last updated, in seconds since epoch (January 1, 1970 at midnight UTC time).", + "Ref": "`Ref` returns the Id." }, "description": "Creates a fleet that represents a group of vehicles.\n\n> You must create both a signal catalog and vehicles before you can create a fleet. \n\nFor more information, see [Fleets](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/fleets.html) in the *AWS IoT FleetWise Developer Guide* .", "properties": { - "Description": "A brief description of the fleet.", + "Description": "(Optional) A brief description of the fleet.", "Id": "The unique ID of the fleet.", "SignalCatalogArn": "The ARN of the signal catalog associated with the fleet.", - "Tags": "" + "Tags": "(Optional) Metadata that can be used to manage the fleet." } }, "AWS::IoTFleetWise::ModelManifest": { "attributes": { - "Arn": "", - "CreationTime": "", - "LastModificationTime": "", - "Ref": "" + "Arn": "The Amazon Resource Name (ARN) of the vehicle model.", + "CreationTime": "The time the vehicle model was created, in seconds since epoch (January 1, 1970 at midnight UTC time).", + "LastModificationTime": "The time the vehicle model was last updated, in seconds since epoch (January 1, 1970 at midnight UTC time).", + "Ref": "`Ref` returns the Name." }, "description": "Creates a vehicle model (model manifest) that specifies signals (attributes, branches, sensors, and actuators).\n\nFor more information, see [Vehicle models](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/vehicle-models.html) in the *AWS IoT FleetWise Developer Guide* .", "properties": { - "Description": "A brief description of the vehicle model.", + "Description": "(Optional) A brief description of the vehicle model.", "Name": "The name of the vehicle model.", - "Nodes": "", - "SignalCatalogArn": "The ARN of the signal catalog associated with the vehicle model.", - "Status": "The state of the vehicle model. If the status is `ACTIVE` , the vehicle model can't be edited. If the status is `DRAFT` , you can edit the vehicle model.", - "Tags": "" + "Nodes": "(Optional) A list of nodes, which are a general abstraction of signals.", + "SignalCatalogArn": "The Amazon Resource Name (ARN) of the signal catalog associated with the vehicle model.", + "Status": "(Optional) The state of the vehicle model. If the status is `ACTIVE` , the vehicle model can't be edited. If the status is `DRAFT` , you can edit the vehicle model.", + "Tags": "(Optional) Metadata that can be used to manage the vehicle model." } }, "AWS::IoTFleetWise::SignalCatalog": { "attributes": { - "Arn": "", - "CreationTime": "", - "LastModificationTime": "", - "NodeCounts.TotalActuators": "", - "NodeCounts.TotalAttributes": "", - "NodeCounts.TotalBranches": "", - "NodeCounts.TotalNodes": "", - "NodeCounts.TotalSensors": "", - "Ref": "" + "Arn": "The Amazon Resource Name (ARN) of the signal catalog.", + "CreationTime": "The time the signal catalog was created in seconds since epoch (January 1, 1970 at midnight UTC time).", + "LastModificationTime": "The time the signal catalog was last updated in seconds since epoch (January 1, 1970 at midnight UTC time).", + "NodeCounts.TotalActuators": "The total number of nodes in a vehicle network that represent actuators.", + "NodeCounts.TotalAttributes": "The total number of nodes in a vehicle network that represent attributes.", + "NodeCounts.TotalBranches": "The total number of nodes in a vehicle network that represent branches.", + "NodeCounts.TotalNodes": "The total number of nodes in a vehicle network.", + "NodeCounts.TotalSensors": "The total number of nodes in a vehicle network that represent sensors.", + "Ref": "`Ref` returns the Name." }, "description": "Creates a collection of standardized signals that can be reused to create vehicle models.", "properties": { - "Description": "", - "Name": "The name of the signal catalog.", - "NodeCounts": "", - "Nodes": "", - "Tags": "" + "Description": "(Optional) A brief description of the signal catalog.", + "Name": "(Optional) The name of the signal catalog.", + "NodeCounts": "(Optional) Information about the number of nodes and node types in a vehicle network.", + "Nodes": "(Optional) A list of information about nodes, which are a general abstraction of signals.", + "Tags": "(Optional) Metadata that can be used to manage the signal catalog." } }, "AWS::IoTFleetWise::SignalCatalog.Actuator": { "attributes": {}, "description": "A signal that represents a vehicle device such as the engine, heater, and door locks. Data from an actuator reports the state of a certain vehicle device.\n\n> Updating actuator data can change the state of a device. For example, you can turn on or off the heater by updating its actuator data.", "properties": { - "AllowedValues": "A list of possible values an actuator can take.", - "AssignedValue": "A specified value for the actuator.", + "AllowedValues": "(Optional) A list of possible values an actuator can take.", + "AssignedValue": "(Optional) A specified value for the actuator.", "DataType": "The specified data type of the actuator.", - "Description": "A brief description of the actuator.", + "Description": "(Optional) A brief description of the actuator.", "FullyQualifiedName": "The fully qualified name of the actuator. For example, the fully qualified name of an actuator might be `Vehicle.Front.Left.Door.Lock` .", - "Max": "The specified possible maximum value of an actuator.", - "Min": "The specified possible minimum value of an actuator.", - "Unit": "The scientific unit for the actuator." + "Max": "(Optional) The specified possible maximum value of an actuator.", + "Min": "(Optional) The specified possible minimum value of an actuator.", + "Unit": "(Optional) The scientific unit for the actuator." } }, "AWS::IoTFleetWise::SignalCatalog.Attribute": { "attributes": {}, "description": "A signal that represents static information about the vehicle, such as engine type or manufacturing date.", "properties": { - "AllowedValues": "A list of possible values an attribute can be assigned.", - "AssignedValue": "A specified value for the attribute.", + "AllowedValues": "(Optional) A list of possible values an attribute can be assigned.", + "AssignedValue": "(Optional) A specified value for the attribute.", "DataType": "The specified data type of the attribute.", - "DefaultValue": "The default value of the attribute.", - "Description": "A brief description of the attribute.", + "DefaultValue": "(Optional) The default value of the attribute.", + "Description": "(Optional) A brief description of the attribute.", "FullyQualifiedName": "The fully qualified name of the attribute. For example, the fully qualified name of an attribute might be `Vehicle.Body.Engine.Type` .", - "Max": "The specified possible maximum value of the attribute.", - "Min": "The specified possible minimum value of the attribute.", - "Unit": "The scientific unit for the attribute." + "Max": "(Optional) The specified possible maximum value of the attribute.", + "Min": "(Optional) The specified possible minimum value of the attribute.", + "Unit": "(Optional) The scientific unit for the attribute." } }, "AWS::IoTFleetWise::SignalCatalog.Branch": { "attributes": {}, "description": "A group of signals that are defined in a hierarchical structure.", "properties": { - "Description": "A brief description of the branch.", + "Description": "(Optional) A brief description of the branch.", "FullyQualifiedName": "The fully qualified name of the branch. For example, the fully qualified name of a branch might be `Vehicle.Body.Engine` ." } }, @@ -28177,51 +28247,51 @@ "attributes": {}, "description": "A general abstraction of a signal. A node can be specified as an actuator, attribute, branch, or sensor.", "properties": { - "Actuator": "Information about a node specified as an actuator.\n\n> An actuator is a digital representation of a vehicle device.", - "Attribute": "Information about a node specified as an attribute.\n\n> An attribute represents static information about a vehicle.", - "Branch": "Information about a node specified as a branch.\n\n> A group of signals that are defined in a hierarchical structure.", - "Sensor": "" + "Actuator": "(Optional) Information about a node specified as an actuator.\n\n> An actuator is a digital representation of a vehicle device.", + "Attribute": "(Optional) Information about a node specified as an attribute.\n\n> An attribute represents static information about a vehicle.", + "Branch": "(Optional) Information about a node specified as a branch.\n\n> A group of signals that are defined in a hierarchical structure.", + "Sensor": "(Optional) An input component that reports the environmental condition of a vehicle.\n\n> You can collect data about fluid levels, temperatures, vibrations, or battery voltage from sensors." } }, "AWS::IoTFleetWise::SignalCatalog.NodeCounts": { "attributes": {}, - "description": "", + "description": "Information about the number of nodes and node types in a vehicle network.", "properties": { - "TotalActuators": "", - "TotalAttributes": "", - "TotalBranches": "", - "TotalNodes": "", - "TotalSensors": "" + "TotalActuators": "(Optional) The total number of nodes in a vehicle network that represent actuators.", + "TotalAttributes": "(Optional) The total number of nodes in a vehicle network that represent attributes.", + "TotalBranches": "(Optional) The total number of nodes in a vehicle network that represent branches.", + "TotalNodes": "(Optional) The total number of nodes in a vehicle network.", + "TotalSensors": "(Optional) The total number of nodes in a vehicle network that represent sensors." } }, "AWS::IoTFleetWise::SignalCatalog.Sensor": { "attributes": {}, "description": "An input component that reports the environmental condition of a vehicle.\n\n> You can collect data about fluid levels, temperatures, vibrations, or battery voltage from sensors.", "properties": { - "AllowedValues": "A list of possible values a sensor can take.", + "AllowedValues": "(Optional) A list of possible values a sensor can take.", "DataType": "The specified data type of the sensor.", - "Description": "A brief description of a sensor.", + "Description": "(Optional) A brief description of a sensor.", "FullyQualifiedName": "The fully qualified name of the sensor. For example, the fully qualified name of a sensor might be `Vehicle.Body.Engine.Battery` .", - "Max": "The specified possible maximum value of the sensor.", - "Min": "The specified possible minimum value of the sensor.", - "Unit": "The scientific unit of measurement for data collected by the sensor." + "Max": "(Optional) The specified possible maximum value of the sensor.", + "Min": "(Optional) The specified possible minimum value of the sensor.", + "Unit": "(Optional) The scientific unit of measurement for data collected by the sensor." } }, "AWS::IoTFleetWise::Vehicle": { "attributes": { - "Arn": "", - "CreationTime": "", - "LastModificationTime": "", - "Ref": "" + "Arn": "The Amazon Resource Name (ARN) of the vehicle.", + "CreationTime": "The time the vehicle was created in seconds since epoch (January 1, 1970 at midnight UTC time).", + "LastModificationTime": "The time the vehicle was last updated in seconds since epoch (January 1, 1970 at midnight UTC time).", + "Ref": "`Ref` returns the Name." }, - "description": "Creates a vehicle, which is an instance of a vehicle model (model manifest). Vehicles created from the same vehicle model consist of the same signals inherited from the vehicle model.\n\n> If you have an existing AWS IoT Thing, you can use AWS IoT FleetWise to create a vehicle and collect data from your thing. \n\nFor more information, see [Create a vehicle (CLI)](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/create-vehicle-cli.html) in the *AWS IoT FleetWise Developer Guide* .", + "description": "Creates a vehicle, which is an instance of a vehicle model (model manifest). Vehicles created from the same vehicle model consist of the same signals inherited from the vehicle model.\n\n> If you have an existing AWS IoT thing, you can use AWS IoT FleetWise to create a vehicle and collect data from your thing. \n\nFor more information, see [Create a vehicle (console)](https://docs.aws.amazon.com/iot-fleetwise/latest/developerguide/create-vehicle-console.html) in the *AWS IoT FleetWise Developer Guide* .", "properties": { - "AssociationBehavior": "An option to create a new AWS IoT thing when creating a vehicle, or to validate an existing thing as a vehicle.", - "Attributes": "Static information about a vehicle in a key-value pair. For example: `\"engine Type\"` : `\"v6\"`", + "AssociationBehavior": "(Optional) An option to create a new AWS IoT thing when creating a vehicle, or to validate an existing thing as a vehicle.", + "Attributes": "(Optional) Static information about a vehicle in a key-value pair. For example: `\"engine Type\"` : `\"v6\"`", "DecoderManifestArn": "The Amazon Resource Name (ARN) of a decoder manifest associated with the vehicle to create.", - "ModelManifestArn": "The ARN of the vehicle model (model manifest) to create the vehicle from.", - "Name": "", - "Tags": "Metadata which can be used to manage the vehicle." + "ModelManifestArn": "The Amazon Resource Name (ARN) of the vehicle model (model manifest) to create the vehicle from.", + "Name": "The unique ID of the vehicle.", + "Tags": "(Optional) Metadata which can be used to manage the vehicle." } }, "AWS::IoTSiteWise::AccessPolicy": { @@ -29868,10 +29938,10 @@ "CrawlAttachments": "`TRUE` to index attachments to knowledge articles.", "DocumentDataFieldName": "The name of the ServiceNow field that is mapped to the index document contents field in the Amazon Kendra index.", "DocumentTitleFieldName": "The name of the ServiceNow field that is mapped to the index document title field.", - "ExcludeAttachmentFilePatterns": "A list of regular expression patterns to exclude certain attachments of knowledge articles in your ServiceNow. Item that match the patterns are excluded from the index. Items that don't match the patterns are included in the index. If an item matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the item isn't included in the index.\n\nThe regex is applied to the field specified in the `PatternTargetField` .", + "ExcludeAttachmentFilePatterns": "A list of regular expression patterns applied to exclude certain knowledge article attachments. Attachments that match the patterns are excluded from the index. Items that don't match the patterns are included in the index. If an item matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the item isn't included in the index.", "FieldMappings": "Maps attributes or field names of knoweldge articles to Amazon Kendra index field names. To create custom fields, use the `UpdateIndex` API before you map to ServiceNow fields. For more information, see [Mapping data source fields](https://docs.aws.amazon.com/kendra/latest/dg/field-mapping.html) . The ServiceNow data source field names must exist in your ServiceNow custom metadata.", "FilterQuery": "A query that selects the knowledge articles to index. The query can return articles from multiple knowledge bases, and the knowledge bases can be public or private.\n\nThe query string must be one generated by the ServiceNow console. For more information, see [Specifying documents to index with a query](https://docs.aws.amazon.com/kendra/latest/dg/servicenow-query.html) .", - "IncludeAttachmentFilePatterns": "A list of regular expression patterns to include certain attachments of knowledge articles in your ServiceNow. Item that match the patterns are included in the index. Items that don't match the patterns are excluded from the index. If an item matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the item isn't included in the index.\n\nThe regex is applied to the field specified in the `PatternTargetField` ." + "IncludeAttachmentFilePatterns": "A list of regular expression patterns applied to include knowledge article attachments. Attachments that match the patterns are included in the index. Items that don't match the patterns are excluded from the index. If an item matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the item isn't included in the index." } }, "AWS::Kendra::DataSource.ServiceNowServiceCatalogConfiguration": { @@ -33630,7 +33700,7 @@ "attributes": {}, "description": "Specifies the map tile style selected from an available provider.", "properties": { - "Style": "Specifies the map style selected from an available data provider.\n\nValid [Esri map styles](https://docs.aws.amazon.com/location/latest/developerguide/esri.html) :\n\n- `VectorEsriDarkGrayCanvas` \u2013 The Esri Dark Gray Canvas map style. A vector basemap with a dark gray, neutral background with minimal colors, labels, and features that's designed to draw attention to your thematic content.\n- `RasterEsriImagery` \u2013 The Esri Imagery map style. A raster basemap that provides one meter or better satellite and aerial imagery in many parts of the world and lower resolution satellite imagery worldwide.\n- `VectorEsriLightGrayCanvas` \u2013 The Esri Light Gray Canvas map style, which provides a detailed vector basemap with a light gray, neutral background style with minimal colors, labels, and features that's designed to draw attention to your thematic content.\n- `VectorEsriTopographic` \u2013 The Esri Light map style, which provides a detailed vector basemap with a classic Esri map style.\n- `VectorEsriStreets` \u2013 The Esri World Streets map style, which provides a detailed vector basemap for the world symbolized with a classic Esri street map style. The vector tile layer is similar in content and style to the World Street Map raster map.\n- `VectorEsriNavigation` \u2013 The Esri World Navigation map style, which provides a detailed basemap for the world symbolized with a custom navigation map style that's designed for use during the day in mobile devices.\n\nValid [HERE Technologies map styles](https://docs.aws.amazon.com/location/latest/developerguide/HERE.html) :\n\n- `VectorHereContrast` \u2013 The HERE Contrast (Berlin) map style is a high contrast detailed base map of the world that blends 3D and 2D rendering.\n\n> The `VectorHereContrast` style has been renamed from `VectorHereBerlin` . `VectorHereBerlin` has been deprecated, but will continue to work in applications that use it.\n- `VectorHereExplore` \u2013 A default HERE map style containing a neutral, global map and its features including roads, buildings, landmarks, and water features. It also now includes a fully designed map of Japan.\n- `VectorHereExploreTruck` \u2013 A global map containing truck restrictions and attributes (e.g. width / height / HAZMAT) symbolized with highlighted segments and icons on top of HERE Explore to support use cases within transport and logistics.\n- `RasterHereExploreSatellite` \u2013 A global map containing high resolution satellite imagery.\n- `HybridHereExploreSatellite` \u2013 A global map displaying the road network, street names, and city labels over satellite imagery. This style will automatically retrieve both raster and vector tiles, and your charges will be based on total tiles retrieved.\n\n> Hybrid styles use both vector and raster tiles when rendering the map that you see. This means that more tiles are retrieved than when using either vector or raster tiles alone. Your charges will include all tiles retrieved.\n\nValid [GrabMaps map styles](https://docs.aws.amazon.com/location/latest/developerguide/grab.html) :\n\n- `VectorGrabStandardLight` \u2013 The Grab Standard Light map style provides a basemap with detailed land use coloring, area names, roads, landmarks, and points of interest covering Southeast Asia.\n- `VectorGrabStandardDark` \u2013 The Grab Standard Dark map style provides a dark variation of the standard basemap covering Southeast Asia.\n\n> Grab provides maps only for countries in Southeast Asia, and is only available in the Asia Pacific (Singapore) Region ( `ap-southeast-1` ). For more information, see [GrabMaps countries and area covered](https://docs.aws.amazon.com/location/latest/developerguide/grab.html#grab-coverage-area) . \n\nValid [Open Data map styles](https://docs.aws.amazon.com/location/latest/developerguide/open-data.html) :\n\n- `VectorOpenDataStandardLight` \u2013 The Open Data Standard Light map style provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.\n- `VectorOpenDataStandardDark` \u2013 Open Data Standard Dark is a dark-themed map style that provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.\n- `VectorOpenDataVisualizationLight` \u2013 The Open Data Visualization Light map style is a light-themed style with muted colors and fewer features that aids in understanding overlaid data.\n- `VectorOpenDataVisualizationDark` \u2013 The Open Data Visualization Dark map style is a dark-themed style with muted colors and fewer features that aids in understanding overlaid data." + "Style": "Specifies the map style selected from an available data provider.\n\nValid [Esri map styles](https://docs.aws.amazon.com/location/latest/developerguide/esri.html) :\n\n- `VectorEsriDarkGrayCanvas` \u2013 The Esri Dark Gray Canvas map style. A vector basemap with a dark gray, neutral background with minimal colors, labels, and features that's designed to draw attention to your thematic content.\n- `RasterEsriImagery` \u2013 The Esri Imagery map style. A raster basemap that provides one meter or better satellite and aerial imagery in many parts of the world and lower resolution satellite imagery worldwide.\n- `VectorEsriLightGrayCanvas` \u2013 The Esri Light Gray Canvas map style, which provides a detailed vector basemap with a light gray, neutral background style with minimal colors, labels, and features that's designed to draw attention to your thematic content.\n- `VectorEsriTopographic` \u2013 The Esri Light map style, which provides a detailed vector basemap with a classic Esri map style.\n- `VectorEsriStreets` \u2013 The Esri Street Map style, which provides a detailed vector basemap for the world symbolized with a classic Esri street map style. The vector tile layer is similar in content and style to the World Street Map raster map.\n- `VectorEsriNavigation` \u2013 The Esri Navigation map style, which provides a detailed basemap for the world symbolized with a custom navigation map style that's designed for use during the day in mobile devices.\n\nValid [HERE Technologies map styles](https://docs.aws.amazon.com/location/latest/developerguide/HERE.html) :\n\n- `VectorHereContrast` \u2013 The HERE Contrast (Berlin) map style is a high contrast detailed base map of the world that blends 3D and 2D rendering.\n\n> The `VectorHereContrast` style has been renamed from `VectorHereBerlin` . `VectorHereBerlin` has been deprecated, but will continue to work in applications that use it.\n- `VectorHereExplore` \u2013 A default HERE map style containing a neutral, global map and its features including roads, buildings, landmarks, and water features. It also now includes a fully designed map of Japan.\n- `VectorHereExploreTruck` \u2013 A global map containing truck restrictions and attributes (e.g. width / height / HAZMAT) symbolized with highlighted segments and icons on top of HERE Explore to support use cases within transport and logistics.\n- `RasterHereExploreSatellite` \u2013 A global map containing high resolution satellite imagery.\n- `HybridHereExploreSatellite` \u2013 A global map displaying the road network, street names, and city labels over satellite imagery. This style will automatically retrieve both raster and vector tiles, and your charges will be based on total tiles retrieved.\n\n> Hybrid styles use both vector and raster tiles when rendering the map that you see. This means that more tiles are retrieved than when using either vector or raster tiles alone. Your charges will include all tiles retrieved.\n\nValid [GrabMaps map styles](https://docs.aws.amazon.com/location/latest/developerguide/grab.html) :\n\n- `VectorGrabStandardLight` \u2013 The Grab Standard Light map style provides a basemap with detailed land use coloring, area names, roads, landmarks, and points of interest covering Southeast Asia.\n- `VectorGrabStandardDark` \u2013 The Grab Standard Dark map style provides a dark variation of the standard basemap covering Southeast Asia.\n\n> Grab provides maps only for countries in Southeast Asia, and is only available in the Asia Pacific (Singapore) Region ( `ap-southeast-1` ). For more information, see [GrabMaps countries and area covered](https://docs.aws.amazon.com/location/latest/developerguide/grab.html#grab-coverage-area) . \n\nValid [Open Data map styles](https://docs.aws.amazon.com/location/latest/developerguide/open-data.html) :\n\n- `VectorOpenDataStandardLight` \u2013 The Open Data Standard Light map style provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.\n- `VectorOpenDataStandardDark` \u2013 Open Data Standard Dark is a dark-themed map style that provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.\n- `VectorOpenDataVisualizationLight` \u2013 The Open Data Visualization Light map style is a light-themed style with muted colors and fewer features that aids in understanding overlaid data.\n- `VectorOpenDataVisualizationDark` \u2013 The Open Data Visualization Dark map style is a dark-themed style with muted colors and fewer features that aids in understanding overlaid data." } }, "AWS::Location::PlaceIndex": { @@ -49710,7 +49780,9 @@ "ColumnGroups": "Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.", "ColumnLevelPermissionRules": "A set of one or more definitions of a `ColumnLevelPermissionRule` .", "DataSetId": "An ID for the dataset that you want to create. This ID is unique per AWS Region for each AWS account.", + "DataSetRefreshProperties": "", "DataSetUsageConfiguration": "The usage configuration to apply to child datasets that reference this dataset as a source.", + "DatasetParameters": "The parameters that are declared in a dataset.", "FieldFolders": "The folder that contains fields and nested subfolders for your dataset.", "ImportMode": "Indicates whether you want to import the data into SPICE.", "IngestionWaitPolicy": "The wait policy to use when creating or updating a Dataset. The default is to wait for SPICE ingestion to finish with timeout of 36 hours.", @@ -49719,6 +49791,7 @@ "Permissions": "A list of resource permissions on the dataset.", "PhysicalTableMap": "Declares the physical tables that are available in the underlying data sources.", "RowLevelPermissionDataSet": "The row-level security configuration for the data that you want to create.", + "RowLevelPermissionTagConfiguration": "The element you can use to define tags for row-level security.", "Tags": "Contains a map of the key-value pairs for the resource tag or tags assigned to the dataset." } }, @@ -49787,6 +49860,13 @@ "SqlQuery": "The SQL query." } }, + "AWS::QuickSight::DataSet.DataSetRefreshProperties": { + "attributes": {}, + "description": "The refresh properties of a dataset.", + "properties": { + "RefreshConfiguration": "The refresh configuration for a dataset." + } + }, "AWS::QuickSight::DataSet.DataSetUsageConfiguration": { "attributes": {}, "description": "The usage configuration to apply to child datasets that reference this dataset as a source.", @@ -49795,6 +49875,51 @@ "DisableUseAsImportedSource": "An option that controls whether a child dataset that's stored in QuickSight can use this dataset as a source." } }, + "AWS::QuickSight::DataSet.DatasetParameter": { + "attributes": {}, + "description": "", + "properties": { + "DateTimeDatasetParameter": "", + "DecimalDatasetParameter": "", + "IntegerDatasetParameter": "", + "StringDatasetParameter": "" + } + }, + "AWS::QuickSight::DataSet.DateTimeDatasetParameter": { + "attributes": {}, + "description": "", + "properties": { + "DefaultValues": "", + "Id": "", + "Name": "", + "TimeGranularity": "", + "ValueType": "" + } + }, + "AWS::QuickSight::DataSet.DateTimeDatasetParameterDefaultValues": { + "attributes": {}, + "description": "", + "properties": { + "StaticValues": "" + } + }, + "AWS::QuickSight::DataSet.DecimalDatasetParameter": { + "attributes": {}, + "description": "", + "properties": { + "DefaultValues": "", + "Id": "", + "Name": "", + "ValueType": "" + } + }, + "AWS::QuickSight::DataSet.DecimalDatasetParameterDefaultValues": { + "attributes": {}, + "description": "", + "properties": { + "StaticValues": "" + } + }, "AWS::QuickSight::DataSet.FieldFolder": { "attributes": {}, "description": "A FieldFolder element is a folder that contains fields and nested subfolders.", @@ -49819,6 +49944,13 @@ "Name": "A display name for the hierarchy." } }, + "AWS::QuickSight::DataSet.IncrementalRefresh": { + "attributes": {}, + "description": "The incremental refresh configuration for a dataset.", + "properties": { + "LookbackWindow": "The lookback window setup for an incremental refresh configuration." + } + }, "AWS::QuickSight::DataSet.IngestionWaitPolicy": { "attributes": {}, "description": "The wait policy to use when creating or updating a Dataset. The default is to wait for SPICE ingestion to finish with timeout of 36 hours.", @@ -49835,6 +49967,23 @@ "Type": "The data type of the column." } }, + "AWS::QuickSight::DataSet.IntegerDatasetParameter": { + "attributes": {}, + "description": "", + "properties": { + "DefaultValues": "", + "Id": "", + "Name": "", + "ValueType": "" + } + }, + "AWS::QuickSight::DataSet.IntegerDatasetParameterDefaultValues": { + "attributes": {}, + "description": "", + "properties": { + "StaticValues": "" + } + }, "AWS::QuickSight::DataSet.JoinInstruction": { "attributes": {}, "description": "The instructions associated with a join.", @@ -49872,6 +50021,25 @@ "PhysicalTableId": "Physical table ID." } }, + "AWS::QuickSight::DataSet.LookbackWindow": { + "attributes": {}, + "description": "The lookback window setup of an incremental refresh configuration.", + "properties": { + "ColumnName": "The name of the lookback window column.", + "Size": "The lookback window column size.", + "SizeUnit": "The size unit that is used for the lookback window column. Valid values for this structure are `HOUR` , `DAY` , and `WEEK` ." + } + }, + "AWS::QuickSight::DataSet.NewDefaultValues": { + "attributes": {}, + "description": "", + "properties": { + "DateTimeStaticValues": "", + "DecimalStaticValues": "", + "IntegerStaticValues": "", + "StringStaticValues": "" + } + }, "AWS::QuickSight::DataSet.OutputColumn": { "attributes": {}, "description": "Output column.", @@ -49881,6 +50049,15 @@ "Type": "The type." } }, + "AWS::QuickSight::DataSet.OverrideDatasetParameterOperation": { + "attributes": {}, + "description": "A transform operation that overrides the dataset parameter values that are defined in another dataset.", + "properties": { + "NewDefaultValues": "The new default values for the parameter.", + "NewParameterName": "The new name for the parameter.", + "ParameterName": "The name of the parameter to be overridden with different values." + } + }, "AWS::QuickSight::DataSet.PhysicalTable": { "attributes": {}, "description": "A view of a data source that contains information about the shape of the data in the underlying source. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.", @@ -49897,6 +50074,13 @@ "ProjectedColumns": "Projected columns." } }, + "AWS::QuickSight::DataSet.RefreshConfiguration": { + "attributes": {}, + "description": "The refresh configuration of a dataset.", + "properties": { + "IncrementalRefresh": "The incremental refresh for the dataset." + } + }, "AWS::QuickSight::DataSet.RelationalTable": { "attributes": {}, "description": "A physical table type for relational data sources.", @@ -49931,7 +50115,27 @@ "Arn": "The Amazon Resource Name (ARN) of the dataset that contains permissions for RLS.", "FormatVersion": "The user or group rules associated with the dataset that contains permissions for RLS.\n\nBy default, `FormatVersion` is `VERSION_1` . When `FormatVersion` is `VERSION_1` , `UserName` and `GroupName` are required. When `FormatVersion` is `VERSION_2` , `UserARN` and `GroupARN` are required, and `Namespace` must not exist.", "Namespace": "The namespace associated with the dataset that contains permissions for RLS.", - "PermissionPolicy": "The type of permissions to use when interpreting the permissions for RLS. `DENY_ACCESS` is included for backward compatibility only." + "PermissionPolicy": "The type of permissions to use when interpreting the permissions for RLS. `DENY_ACCESS` is included for backward compatibility only.", + "Status": "The status of the row-level security permission dataset. If enabled, the status is `ENABLED` . If disabled, the status is `DISABLED` ." + } + }, + "AWS::QuickSight::DataSet.RowLevelPermissionTagConfiguration": { + "attributes": {}, + "description": "", + "properties": { + "Status": "", + "TagRuleConfigurations": "", + "TagRules": "" + } + }, + "AWS::QuickSight::DataSet.RowLevelPermissionTagRule": { + "attributes": {}, + "description": "", + "properties": { + "ColumnName": "", + "MatchAllValue": "", + "TagKey": "", + "TagMultiValueDelimiter": "" } }, "AWS::QuickSight::DataSet.S3Source": { @@ -49943,6 +50147,23 @@ "UploadSettings": "Information about the format for the S3 source file or files." } }, + "AWS::QuickSight::DataSet.StringDatasetParameter": { + "attributes": {}, + "description": "", + "properties": { + "DefaultValues": "", + "Id": "", + "Name": "", + "ValueType": "" + } + }, + "AWS::QuickSight::DataSet.StringDatasetParameterDefaultValues": { + "attributes": {}, + "description": "", + "properties": { + "StaticValues": "" + } + }, "AWS::QuickSight::DataSet.TagColumnOperation": { "attributes": {}, "description": "A transform operation that tags a column with additional information.", @@ -49958,6 +50179,7 @@ "CastColumnTypeOperation": "A transform operation that casts a column to a different type.", "CreateColumnsOperation": "An operation that creates calculated columns. Columns created in one such operation form a lexical closure.", "FilterOperation": "An operation that filters rows based on some condition.", + "OverrideDatasetParameterOperation": "", "ProjectOperation": "An operation that projects columns. Operations that come after a projection can only refer to projected columns.", "RenameColumnOperation": "An operation that renames a column.", "TagColumnOperation": "An operation that tags a column with additional information." @@ -50015,6 +50237,7 @@ "attributes": {}, "description": "Parameters for Amazon Athena.", "properties": { + "RoleArn": "Use the `RoleArn` structure to override an account-wide role for a specific Athena data source. For example, say an account administrator has turned off all Athena access with an account-wide role. The administrator can then use `RoleArn` to bypass the account-wide role and allow Athena access for the single Athena data source that is specified in the structure, even if the account-wide role forbidding Athena access is still active.", "WorkGroup": "The workgroup that Amazon Athena uses." } }, @@ -50178,7 +50401,8 @@ "attributes": {}, "description": "The parameters for S3.", "properties": { - "ManifestFileLocation": "Location of the Amazon S3 manifest file. This is NULL if the manifest file was uploaded into Amazon QuickSight." + "ManifestFileLocation": "Location of the Amazon S3 manifest file. This is NULL if the manifest file was uploaded into Amazon QuickSight.", + "RoleArn": "Use the `RoleArn` structure to override an account-wide role for a specific S3 data source. For example, say an account administrator has turned off all S3 access with an account-wide role. The administrator can then use `RoleArn` to bypass the account-wide role and allow S3 access for the single S3 data source that is specified in the structure, even if the account-wide role forbidding S3 access is still active." } }, "AWS::QuickSight::DataSource.SnowflakeParameters": { @@ -56014,7 +56238,7 @@ "description": "The configuration for the URI path route type.", "properties": { "ActivationState": "If set to `ACTIVE` , traffic is forwarded to this route\u2019s service after the route is created.", - "AppendSourcePath": "", + "AppendSourcePath": "If set to `true` , this option appends the source path to the service URL endpoint.", "IncludeChildPaths": "Indicates whether to match all subpaths of the given source path. If this value is `false` , requests must match the source path exactly before they are forwarded to this route's service.", "Methods": "A list of HTTP methods to match. An empty list matches all values. If a method is present, only HTTP requests using that method are forwarded to this route\u2019s service.", "SourcePath": "This is the path that Refactor Spaces uses to match traffic. Paths must start with `/` and are relative to the base of the application. To use path parameters in the source path, add a variable in curly braces. For example, the resource path {user} represents a path parameter called 'user'." @@ -58591,7 +58815,7 @@ "description": "The `AWS::SNS::TopicPolicy` resource associates Amazon SNS topics with a policy. For an example snippet, see [Declaring an Amazon SNS policy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-sns-policy) in the *AWS CloudFormation User Guide* .", "properties": { "PolicyDocument": "A policy document that contains permissions to add to the specified SNS topics.", - "Topics": "The Amazon Resource Names (ARN) of the topics to which you want to add the policy. You can use the `[Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html)` function to specify an `[AWS::SNS::Topic](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sns-topic.html)` resource." + "Topics": "The Amazon Resource Names (ARN) of the topics to which you want to add the policy. You can use the `[Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html)` function to specify an `[AWS::SNS::Topic](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topic.html)` resource." } }, "AWS::SQS::Queue": { @@ -64534,7 +64758,7 @@ "attributes": {}, "description": "Inspect the body of the web request. The body immediately follows the request headers.\n\nThis is used to indicate the web request component to inspect, in the `FieldToMatch` specification.", "properties": { - "OversizeHandling": "What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to AWS WAF for inspection.\n\nThe default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL `AssociationConfig` , for additional processing fees.\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the body normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement.\n\nYou can combine the `MATCH` or `NO_MATCH` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.\n\nDefault: `CONTINUE`" + "OversizeHandling": "What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to AWS WAF for inspection.\n\nThe default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL `AssociationConfig` , for additional processing fees.\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the available body contents normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement.\n\nYou can combine the `MATCH` or `NO_MATCH` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.\n\nDefault: `CONTINUE`" } }, "AWS::WAFv2::RuleGroup.ByteMatchStatement": { @@ -64591,7 +64815,7 @@ "properties": { "MatchPattern": "The filter to use to identify the subset of cookies to inspect in a web request.\n\nYou must specify exactly one setting: either `All` , `IncludedCookies` , or `ExcludedCookies` .\n\nExample JSON: `\"MatchPattern\": { \"IncludedCookies\": {\"KeyToInclude1\", \"KeyToInclude2\", \"KeyToInclude3\"} }`", "MatchScope": "The parts of the cookies to inspect with the rule inspection criteria. If you specify `All` , AWS WAF inspects both keys and values.", - "OversizeHandling": "What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF .\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the cookies normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement." + "OversizeHandling": "What AWS WAF should do if the cookies of the request are more numerous or larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF .\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the available cookies normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement." } }, "AWS::WAFv2::RuleGroup.CountAction": { @@ -64680,7 +64904,7 @@ "properties": { "MatchPattern": "The filter to use to identify the subset of headers to inspect in a web request.\n\nYou must specify exactly one setting: either `All` , `IncludedHeaders` , or `ExcludedHeaders` .\n\nExample JSON: `\"MatchPattern\": { \"ExcludedHeaders\": {\"KeyToExclude1\", \"KeyToExclude2\"} }`", "MatchScope": "The parts of the headers to match with the rule inspection criteria. If you specify `All` , AWS WAF inspects both keys and values.", - "OversizeHandling": "What AWS WAF should do if the headers of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to AWS WAF .\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the headers normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement." + "OversizeHandling": "What AWS WAF should do if the headers of the request are more numerous or larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to AWS WAF .\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the available headers normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement." } }, "AWS::WAFv2::RuleGroup.IPSetForwardedIPConfiguration": { @@ -64714,7 +64938,7 @@ "InvalidFallbackBehavior": "What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:\n\n- `EVALUATE_AS_STRING` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement.\n\nIf you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.\n\nAWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array.\n\nAWS WAF parses the JSON in the following examples as two valid key, value pairs:\n\n- Missing comma: `{\"key1\":\"value1\"\"key2\":\"value2\"}`\n- Missing colon: `{\"key1\":\"value1\",\"key2\"\"value2\"}`\n- Extra colons: `{\"key1\"::\"value1\",\"key2\"\"value2\"}`", "MatchPattern": "The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.", "MatchScope": "The parts of the JSON to match against using the `MatchPattern` . If you specify `All` , AWS WAF matches against keys and values.", - "OversizeHandling": "What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to AWS WAF for inspection.\n\nThe default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL `AssociationConfig` , for additional processing fees.\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the body normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement.\n\nYou can combine the `MATCH` or `NO_MATCH` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.\n\nDefault: `CONTINUE`" + "OversizeHandling": "What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to AWS WAF for inspection.\n\nThe default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL `AssociationConfig` , for additional processing fees.\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the available body contents normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement.\n\nYou can combine the `MATCH` or `NO_MATCH` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.\n\nDefault: `CONTINUE`" } }, "AWS::WAFv2::RuleGroup.JsonMatchPattern": { @@ -64955,7 +65179,7 @@ "attributes": {}, "description": "Inspect the body of the web request. The body immediately follows the request headers.\n\nThis is used to indicate the web request component to inspect, in the `FieldToMatch` specification.", "properties": { - "OversizeHandling": "What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to AWS WAF for inspection.\n\nThe default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL `AssociationConfig` , for additional processing fees.\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the body normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement.\n\nYou can combine the `MATCH` or `NO_MATCH` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.\n\nDefault: `CONTINUE`" + "OversizeHandling": "What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to AWS WAF for inspection.\n\nThe default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL `AssociationConfig` , for additional processing fees.\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the available body contents normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement.\n\nYou can combine the `MATCH` or `NO_MATCH` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.\n\nDefault: `CONTINUE`" } }, "AWS::WAFv2::WebACL.ByteMatchStatement": { @@ -65012,7 +65236,7 @@ "properties": { "MatchPattern": "The filter to use to identify the subset of cookies to inspect in a web request.\n\nYou must specify exactly one setting: either `All` , `IncludedCookies` , or `ExcludedCookies` .\n\nExample JSON: `\"MatchPattern\": { \"IncludedCookies\": {\"KeyToInclude1\", \"KeyToInclude2\", \"KeyToInclude3\"} }`", "MatchScope": "The parts of the cookies to inspect with the rule inspection criteria. If you specify `All` , AWS WAF inspects both keys and values.", - "OversizeHandling": "What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF .\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the cookies normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement." + "OversizeHandling": "What AWS WAF should do if the cookies of the request are more numerous or larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF .\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the available cookies normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement." } }, "AWS::WAFv2::WebACL.CountAction": { @@ -65123,7 +65347,7 @@ "properties": { "MatchPattern": "The filter to use to identify the subset of headers to inspect in a web request.\n\nYou must specify exactly one setting: either `All` , `IncludedHeaders` , or `ExcludedHeaders` .\n\nExample JSON: `\"MatchPattern\": { \"ExcludedHeaders\": {\"KeyToExclude1\", \"KeyToExclude2\"} }`", "MatchScope": "The parts of the headers to match with the rule inspection criteria. If you specify `All` , AWS WAF inspects both keys and values.", - "OversizeHandling": "What AWS WAF should do if the headers of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to AWS WAF .\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the headers normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement." + "OversizeHandling": "What AWS WAF should do if the headers of the request are more numerous or larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to AWS WAF .\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the available headers normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement." } }, "AWS::WAFv2::WebACL.IPSetForwardedIPConfiguration": { @@ -65157,7 +65381,7 @@ "InvalidFallbackBehavior": "What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:\n\n- `EVALUATE_AS_STRING` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement.\n\nIf you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.\n\nAWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array.\n\nAWS WAF parses the JSON in the following examples as two valid key, value pairs:\n\n- Missing comma: `{\"key1\":\"value1\"\"key2\":\"value2\"}`\n- Missing colon: `{\"key1\":\"value1\",\"key2\"\"value2\"}`\n- Extra colons: `{\"key1\"::\"value1\",\"key2\"\"value2\"}`", "MatchPattern": "The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.", "MatchScope": "The parts of the JSON to match against using the `MatchPattern` . If you specify `All` , AWS WAF matches against keys and values.", - "OversizeHandling": "What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to AWS WAF for inspection.\n\nThe default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL `AssociationConfig` , for additional processing fees.\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the body normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement.\n\nYou can combine the `MATCH` or `NO_MATCH` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.\n\nDefault: `CONTINUE`" + "OversizeHandling": "What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to AWS WAF for inspection.\n\nThe default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL `AssociationConfig` , for additional processing fees.\n\nThe options for oversize handling are the following:\n\n- `CONTINUE` - Inspect the available body contents normally, according to the rule inspection criteria.\n- `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.\n- `NO_MATCH` - Treat the web request as not matching the rule statement.\n\nYou can combine the `MATCH` or `NO_MATCH` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.\n\nDefault: `CONTINUE`" } }, "AWS::WAFv2::WebACL.JsonMatchPattern": { @@ -65536,7 +65760,7 @@ "AWS::WorkSpaces::ConnectionAlias": { "attributes": { "AliasId": "The identifier of the connection alias, returned as a string.", - "Associations": "The association status of the connection alias, returned as an array of `ConnectionAliasAssociation` objects.", + "Associations": "", "ConnectionAliasState": "The current state of the connection alias, returned as a string.", "Ref": "`Ref` returns the resource name." }, @@ -65548,12 +65772,12 @@ }, "AWS::WorkSpaces::ConnectionAlias.ConnectionAliasAssociation": { "attributes": {}, - "description": "Describes a connection alias association that is used for cross-Region redirection. For more information, see [Cross-Region Redirection for Amazon WorkSpaces](https://docs.aws.amazon.com/workspaces/latest/adminguide/cross-region-redirection.html) .", + "description": "", "properties": { - "AssociatedAccountId": "The identifier of the AWS account that associated the connection alias with a directory.", - "AssociationStatus": "The association status of the connection alias.", - "ConnectionIdentifier": "The identifier of the connection alias association. You use the connection identifier in the DNS TXT record when you're configuring your DNS routing policies.", - "ResourceId": "The identifier of the directory associated with a connection alias." + "AssociatedAccountId": "", + "AssociationStatus": "", + "ConnectionIdentifier": "", + "ResourceId": "" } }, "AWS::WorkSpaces::Workspace": {