Merge pull request #1943 from hashicorp/f-08-07-2024-schema-updates
08/07/2024 CloudFormation schema refresh
ewbankkit committed Aug 8, 2024
2 parents d24a423 + 126f11c commit 5f3f08a
Showing 189 changed files with 10,487 additions and 1,197 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -1,4 +1,9 @@
## 1.9.0 (Unreleased)

FEATURES:

* provider: Updated resource schemas

## 1.8.0 (August 1, 2024)

FEATURES:
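
Review bot: The 1.9.0 entry `* provider: Updated resource schemas` does not tell users that this refresh also takes documented attributes away: docs/data-sources/ec2_transit_gateway_attachment.md is listed with "0 additions & 1 deletion", and the two transit gateway multicast hunks each shrink from 7 lines to 6. Add a line to the entry that names the removed attributes so that anyone reading them from a data source sees the change before upgrading.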
142 changes: 142 additions & 0 deletions docs/data-sources/codepipeline_pipeline.md
Expand Up @@ -97,9 +97,11 @@ Read-Only:
Read-Only:

- `actions` (Attributes List) (see [below for nested schema](#nestedatt--stages--actions))
- `before_entry` (Attributes) The method to use before stage runs. (see [below for nested schema](#nestedatt--stages--before_entry))
- `blockers` (Attributes List) (see [below for nested schema](#nestedatt--stages--blockers))
- `name` (String) The name of the stage.
- `on_failure` (Attributes) The method to use when a stage has not completed successfully (see [below for nested schema](#nestedatt--stages--on_failure))
- `on_success` (Attributes) The method to use when a stage has completed successfully (see [below for nested schema](#nestedatt--stages--on_success))

<a id="nestedatt--stages--actions"></a>
### Nested Schema for `stages.actions`
Expand Down Expand Up @@ -145,6 +147,55 @@ Read-Only:



<a id="nestedatt--stages--before_entry"></a>
### Nested Schema for `stages.before_entry`

Read-Only:

- `conditions` (Attributes List) (see [below for nested schema](#nestedatt--stages--before_entry--conditions))

<a id="nestedatt--stages--before_entry--conditions"></a>
### Nested Schema for `stages.before_entry.conditions`

Read-Only:

- `result` (String) The specified result for when the failure conditions are met, such as rolling back the stage
- `rules` (Attributes List) (see [below for nested schema](#nestedatt--stages--before_entry--conditions--rules))

<a id="nestedatt--stages--before_entry--conditions--rules"></a>
### Nested Schema for `stages.before_entry.conditions.rules`

Read-Only:

- `configuration` (String) The rule's configuration. These are key-value pairs that specify input values for a rule.
- `input_artifacts` (Attributes List) (see [below for nested schema](#nestedatt--stages--before_entry--conditions--rules--input_artifacts))
- `name` (String) The rule declaration's name.
- `region` (String) The rule declaration's AWS Region, such as us-east-1.
- `role_arn` (String) The ARN of the IAM service role that performs the declared rule. This is assumed through the roleArn for the pipeline.
- `rule_type_id` (Attributes) Represents information about a rule type. (see [below for nested schema](#nestedatt--stages--before_entry--conditions--rules--rule_type_id))

<a id="nestedatt--stages--before_entry--conditions--rules--input_artifacts"></a>
### Nested Schema for `stages.before_entry.conditions.rules.input_artifacts`

Read-Only:

- `name` (String) The name of the artifact to be worked on (for example, "My App").


<a id="nestedatt--stages--before_entry--conditions--rules--rule_type_id"></a>
### Nested Schema for `stages.before_entry.conditions.rules.rule_type_id`

Read-Only:

- `category` (String) A category for the provider type for the rule.
- `owner` (String) The creator of the rule being called. Only AWS is supported.
- `provider` (String) The provider of the service being called by the rule.
- `version` (String) A string that describes the rule version.





<a id="nestedatt--stages--blockers"></a>
### Nested Schema for `stages.blockers`
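
Review bot: In `stages.before_entry.conditions`, `result` is documented as "The specified result for when the failure conditions are met, such as rolling back the stage", which is the on-failure wording applied to a condition that is evaluated before the stage runs; the description should say what the result means for an entry condition. In the rules schema below it, `configuration` is typed `(String)` while its text calls it "key-value pairs", so state that the value is an encoded string and name the encoding, otherwise readers will try to index it as a map.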

Expand All @@ -159,7 +210,98 @@ Read-Only:

Read-Only:

- `conditions` (Attributes List) (see [below for nested schema](#nestedatt--stages--on_failure--conditions))
- `result` (String) The specified result for when the failure conditions are met, such as rolling back the stage

<a id="nestedatt--stages--on_failure--conditions"></a>
### Nested Schema for `stages.on_failure.conditions`

Read-Only:

- `result` (String) The specified result for when the failure conditions are met, such as rolling back the stage
- `rules` (Attributes List) (see [below for nested schema](#nestedatt--stages--on_failure--conditions--rules))

<a id="nestedatt--stages--on_failure--conditions--rules"></a>
### Nested Schema for `stages.on_failure.conditions.rules`

Read-Only:

- `configuration` (String) The rule's configuration. These are key-value pairs that specify input values for a rule.
- `input_artifacts` (Attributes List) (see [below for nested schema](#nestedatt--stages--on_failure--conditions--rules--input_artifacts))
- `name` (String) The rule declaration's name.
- `region` (String) The rule declaration's AWS Region, such as us-east-1.
- `role_arn` (String) The ARN of the IAM service role that performs the declared rule. This is assumed through the roleArn for the pipeline.
- `rule_type_id` (Attributes) Represents information about a rule type. (see [below for nested schema](#nestedatt--stages--on_failure--conditions--rules--rule_type_id))

<a id="nestedatt--stages--on_failure--conditions--rules--input_artifacts"></a>
### Nested Schema for `stages.on_failure.conditions.rules.input_artifacts`

Read-Only:

- `name` (String) The name of the artifact to be worked on (for example, "My App").


<a id="nestedatt--stages--on_failure--conditions--rules--rule_type_id"></a>
### Nested Schema for `stages.on_failure.conditions.rules.rule_type_id`

Read-Only:

- `category` (String) A category for the provider type for the rule.
- `owner` (String) The creator of the rule being called. Only AWS is supported.
- `provider` (String) The provider of the service being called by the rule.
- `version` (String) A string that describes the rule version.





<a id="nestedatt--stages--on_success"></a>
### Nested Schema for `stages.on_success`

Read-Only:

- `conditions` (Attributes List) (see [below for nested schema](#nestedatt--stages--on_success--conditions))

<a id="nestedatt--stages--on_success--conditions"></a>
### Nested Schema for `stages.on_success.conditions`

Read-Only:

- `result` (String) The specified result for when the failure conditions are met, such as rolling back the stage
- `rules` (Attributes List) (see [below for nested schema](#nestedatt--stages--on_success--conditions--rules))

<a id="nestedatt--stages--on_success--conditions--rules"></a>
### Nested Schema for `stages.on_success.conditions.rules`

Read-Only:

- `configuration` (String) The rule's configuration. These are key-value pairs that specify input values for a rule.
- `input_artifacts` (Attributes List) (see [below for nested schema](#nestedatt--stages--on_success--conditions--rules--input_artifacts))
- `name` (String) The rule declaration's name.
- `region` (String) The rule declaration's AWS Region, such as us-east-1.
- `role_arn` (String) The ARN of the IAM service role that performs the declared rule. This is assumed through the roleArn for the pipeline.
- `rule_type_id` (Attributes) Represents information about a rule type. (see [below for nested schema](#nestedatt--stages--on_success--conditions--rules--rule_type_id))

<a id="nestedatt--stages--on_success--conditions--rules--input_artifacts"></a>
### Nested Schema for `stages.on_success.conditions.rules.input_artifacts`

Read-Only:

- `name` (String) The name of the artifact to be worked on (for example, "My App").


<a id="nestedatt--stages--on_success--conditions--rules--rule_type_id"></a>
### Nested Schema for `stages.on_success.conditions.rules.rule_type_id`

Read-Only:

- `category` (String) A category for the provider type for the rule.
- `owner` (String) The creator of the rule being called. Only AWS is supported.
- `provider` (String) The provider of the service being called by the rule.
- `version` (String) A string that describes the rule version.
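
Review bot: `result` appears twice under on_failure, once in `stages.on_failure` and once in `stages.on_failure.conditions`, with the identical description, and nothing says how the two relate or which one applies when both are set. `stages.on_success.conditions` reuses the same "failure conditions are met" sentence for its `result`, which contradicts the on-success context; each of the three needs its own wording.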






3 changes: 2 additions & 1 deletion docs/data-sources/ec2_subnet.md
Expand Up @@ -28,7 +28,8 @@ Data Source schema for AWS::EC2::Subnet
- `availability_zone_id` (String) The AZ ID of the subnet.
- `cidr_block` (String) The IPv4 CIDR block assigned to the subnet.
If you update this property, we create a new subnet, and then delete the existing one.
- `enable_dns_64` (Boolean) Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. For more information, see [DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-nat64-dns64) in the *User Guide*.
- `enable_dns_64` (Boolean) Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.
You must first configure a NAT gateway in a public subnet (separate from the subnet containing the IPv6-only workloads). For example, the subnet containing the NAT gateway should have a ``0.0.0.0/0`` route pointing to the internet gateway. For more information, see [Configure DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-nat64-dns64.html#nat-gateway-nat64-dns64-walkthrough) in the *User Guide*.
- `enable_lni_at_device_index` (Number) Indicates the device position for local network interfaces in this subnet. For example, ``1`` indicates local network interfaces in this subnet are the secondary network interface (eth1).
- `ipv_4_ipam_pool_id` (String) An IPv4 IPAM pool ID for the subnet.
- `ipv_4_netmask_length` (Number) An IPv4 netmask length for the subnet.
1 change: 0 additions & 1 deletion docs/data-sources/ec2_transit_gateway_attachment.md
Expand Up @@ -36,7 +36,6 @@ Read-Only:
- `appliance_mode_support` (String) Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable
- `dns_support` (String) Indicates whether to enable DNS Support for Vpc Attachment. Valid Values: enable | disable
- `ipv_6_support` (String) Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable
- `security_group_referencing_support` (String) Indicates whether to enable Security Group referencing support for Vpc Attachment. Valid Values: enable | disable


<a id="nestedatt--tags"></a>
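
Review bot: `appliance_mode_support` carries the `ipv_6_support` text ("Indicates whether to enable Ipv6 Support for Vpc Attachment"), so two lines of this options list read identically and the appliance mode setting is left undocumented. The hunk also shrinks the list by one line (`-36,7 +36,6`); if the dropped line is `security_group_referencing_support`, configurations that read that attribute from the data source will break on upgrade.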
Expand Up @@ -28,7 +28,6 @@ Data Source schema for AWS::EC2::TransitGatewayMulticastGroupMember
- `network_interface_id` (String) The ID of the transit gateway attachment.
- `resource_id` (String) The ID of the resource.
- `resource_type` (String) The type of resource, for example a VPC attachment.
- `source_type` (String) The source type.
- `subnet_id` (String) The ID of the subnet.
- `transit_gateway_attachment_id` (String) The ID of the transit gateway attachment.
- `transit_gateway_multicast_domain_id` (String) The ID of the transit gateway multicast domain.
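
Review bot: `network_interface_id` is described as "The ID of the transit gateway attachment.", the same text as `transit_gateway_attachment_id` further down the list; it should say that it is the ID of the network interface. Since this hunk already touches the attribute list (`-28,7 +28,6`), it is a good place to correct the description, or to report it against the source schema if these docs are generated.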
Expand Up @@ -24,7 +24,6 @@ Data Source schema for AWS::EC2::TransitGatewayMulticastGroupSource
- `group_ip_address` (String) The IP address assigned to the transit gateway multicast group.
- `group_member` (Boolean) Indicates that the resource is a transit gateway multicast group member.
- `group_source` (Boolean) Indicates that the resource is a transit gateway multicast group member.
- `member_type` (String) The member type (for example, static).
- `network_interface_id` (String) The ID of the transit gateway attachment.
- `resource_id` (String) The ID of the resource.
- `resource_type` (String) The type of resource, for example a VPC attachment.
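
Review bot: `group_source` is described as "Indicates that the resource is a transit gateway multicast group member.", identical to `group_member` on the line above, so in the data source for AWS::EC2::TransitGatewayMulticastGroupSource the flag reads as if it meant membership. The description should say that it marks the resource as a group source.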
8 changes: 4 additions & 4 deletions docs/data-sources/ecs_cluster.md
Expand Up @@ -28,7 +28,7 @@ Data Source schema for AWS::ECS::Cluster
The [PutCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutCapacityProvider.html) API operation is used to update the list of available capacity providers for a cluster after the cluster is created.
- `cluster_name` (String) A user-generated string that you use to identify your cluster. If you don't specify a name, CFNlong generates a unique physical ID for the name.
- `cluster_settings` (Attributes List) The settings to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster. (see [below for nested schema](#nestedatt--cluster_settings))
- `configuration` (Attributes) The execute command configuration for the cluster. (see [below for nested schema](#nestedatt--configuration))
- `configuration` (Attributes) The execute command and managed storage configuration for the cluster. (see [below for nested schema](#nestedatt--configuration))
- `default_capacity_provider_strategy` (Attributes List) The default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used. (see [below for nested schema](#nestedatt--default_capacity_provider_strategy))
- `service_connect_defaults` (Attributes) Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the ``enabled`` parameter to ``true`` in the ``ServiceConnectConfiguration``. You can set the namespace of each service individually in the ``ServiceConnectConfiguration`` to override this default parameter.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*. (see [below for nested schema](#nestedatt--service_connect_defaults))
Expand Down Expand Up @@ -58,7 +58,7 @@ Read-Only:
Read-Only:

- `execute_command_configuration` (Attributes) The details of the execute command configuration. (see [below for nested schema](#nestedatt--configuration--execute_command_configuration))
- `managed_storage_configuration` (Attributes) (see [below for nested schema](#nestedatt--configuration--managed_storage_configuration))
- `managed_storage_configuration` (Attributes) The details of the managed storage configuration. (see [below for nested schema](#nestedatt--configuration--managed_storage_configuration))

<a id="nestedatt--configuration--execute_command_configuration"></a>
### Nested Schema for `configuration.execute_command_configuration`
Expand Down Expand Up @@ -92,8 +92,8 @@ Read-Only:

Read-Only:

- `fargate_ephemeral_storage_kms_key_id` (String)
- `kms_key_id` (String)
- `fargate_ephemeral_storage_kms_key_id` (String) Specify the KMSlong key ID for the Fargate ephemeral storage.
- `kms_key_id` (String) Specify a KMSlong key ID to encrypt the managed storage.



1 change: 1 addition & 0 deletions docs/data-sources/kinesisfirehose_delivery_stream.md
Expand Up @@ -1043,6 +1043,7 @@ Read-Only:

- `authentication_configuration` (Attributes) (see [below for nested schema](#nestedatt--msk_source_configuration--authentication_configuration))
- `msk_cluster_arn` (String)
- `read_from_timestamp` (String)
- `topic_name` (String)

<a id="nestedatt--msk_source_configuration--authentication_configuration"></a>
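
Review bot: `read_from_timestamp` is added as a bare `(String)` with no description, so a reader cannot tell what timestamp format it holds or what it controls for the MSK source. Add a one-line description; `msk_cluster_arn` and `topic_name` beside it have the same gap.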
27 changes: 15 additions & 12 deletions docs/data-sources/kms_key.md
Expand Up @@ -63,29 +63,30 @@ Data Source schema for AWS::KMS::Key
+ ``HMAC_384``
+ ``HMAC_512``

+ Asymmetric RSA key pairs
+ Asymmetric RSA key pairs (encryption and decryption *or* signing and verification)
+ ``RSA_2048``
+ ``RSA_3072``
+ ``RSA_4096``

+ Asymmetric NIST-recommended elliptic curve key pairs
+ Asymmetric NIST-recommended elliptic curve key pairs (signing and verification *or* deriving shared secrets)
+ ``ECC_NIST_P256`` (secp256r1)
+ ``ECC_NIST_P384`` (secp384r1)
+ ``ECC_NIST_P521`` (secp521r1)

+ Other asymmetric elliptic curve key pairs
+ Other asymmetric elliptic curve key pairs (signing and verification)
+ ``ECC_SECG_P256K1`` (secp256k1), commonly used for cryptocurrencies.

+ SM2 key pairs (China Regions only)
+ ``SM2``
+ SM2 key pairs (encryption and decryption *or* signing and verification *or* deriving shared secrets)
+ ``SM2`` (China Regions only)
- `key_usage` (String) Determines the [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. The default value is ``ENCRYPT_DECRYPT``. This property is required for asymmetric KMS keys and HMAC KMS keys. You can't change the ``KeyUsage`` value after the KMS key is created.
If you change the value of the ``KeyUsage`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value.
Select only one valid value.
+ For symmetric encryption KMS keys, omit the property or specify ``ENCRYPT_DECRYPT``.
+ For asymmetric KMS keys with RSA key material, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``.
+ For asymmetric KMS keys with ECC key material, specify ``SIGN_VERIFY``.
+ For asymmetric KMS keys with SM2 (China Regions only) key material, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``.
+ For HMAC KMS keys, specify ``GENERATE_VERIFY_MAC``.
+ For symmetric encryption KMS keys, omit the parameter or specify ``ENCRYPT_DECRYPT``.
+ For HMAC KMS keys (symmetric), specify ``GENERATE_VERIFY_MAC``.
+ For asymmetric KMS keys with RSA key pairs, specify ``ENCRYPT_DECRYPT`` or ``SIGN_VERIFY``.
+ For asymmetric KMS keys with NIST-recommended elliptic curve key pairs, specify ``SIGN_VERIFY`` or ``KEY_AGREEMENT``.
+ For asymmetric KMS keys with ``ECC_SECG_P256K1`` key pairs specify ``SIGN_VERIFY``.
+ For asymmetric KMS keys with SM2 key pairs (China Regions only), specify ``ENCRYPT_DECRYPT``, ``SIGN_VERIFY``, or ``KEY_AGREEMENT``.
- `multi_region` (Boolean) Creates a multi-Region primary key that you can replicate in other AWS-Regions. You can't change the ``MultiRegion`` value after the KMS key is created.
For a list of AWS-Regions in which multi-Region keys are supported, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the **.
If you change the value of the ``MultiRegion`` property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value.
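
Review bot: The `key_spec` bullets describe the new capability as "deriving shared secrets" while the `key_usage` list names it ``KEY_AGREEMENT``, and nothing ties the two terms together; add a short parenthetical on one side so a reader choosing a NIST curve or SM2 key knows which `key_usage` value enables it. The ``ECC_SECG_P256K1`` line is also missing the comma its siblings have ("key pairs specify ``SIGN_VERIFY``").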
Expand Down Expand Up @@ -115,5 +116,7 @@ Data Source schema for AWS::KMS::Key

Read-Only:

- `key` (String)
- `value` (String)
- `key` (String) The key name of the tag. You can specify a value that's 1 to 128 Unicode characters in length and can't be prefixed with ``aws:``. digits, whitespace, ``_``, ``.``, ``:``, ``/``, ``=``, ``+``, ``@``, ``-``, and ``"``.
For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
- `value` (String) The value for the tag. You can specify a value that's 1 to 256 characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, ``_``, ``.``, ``/``, ``=``, ``+``, and ``-``.
For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
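
Review bot: The new `key` description breaks off mid-sentence: after "can't be prefixed with ``aws:``." it continues with "digits, whitespace, ``_``, …" and has lost the lead-in that the `value` description keeps ("You can use any of the following characters: the set of Unicode letters, digits, …"). Restore the missing clause, and confirm that the extra characters listed only for keys (``:``, ``@`` and ``"``) are intended, since the `value` list omits them.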