Commit

Merge pull request #1956 from hashicorp/f-08-14-2024-schema-updates
08/14/2024 CloudFormation schema refresh
ewbankkit committed Aug 15, 2024
2 parents 51ddc57 + b7c9815 commit 8f6f17f
Showing 58 changed files with 11,242 additions and 2,019 deletions.
330 changes: 329 additions & 1 deletion docs/data-sources/bedrock_data_source.md

Large diffs are not rendered by default.

10 changes: 10 additions & 0 deletions docs/data-sources/cognito_identity_pool.md
Expand Up @@ -29,6 +29,7 @@ Data Source schema for AWS::Cognito::IdentityPool
- `developer_provider_name` (String)
- `identity_pool_id` (String)
- `identity_pool_name` (String)
- `identity_pool_tags` (Attributes Set) An array of key-value pairs to apply to this resource. (see [below for nested schema](#nestedatt--identity_pool_tags))
- `name` (String)
- `open_id_connect_provider_ar_ns` (List of String)
- `push_sync` (Attributes) (see [below for nested schema](#nestedatt--push_sync))
Expand All @@ -55,6 +56,15 @@ Read-Only:
- `streaming_status` (String)


<a id="nestedatt--identity_pool_tags"></a>
### Nested Schema for `identity_pool_tags`

Read-Only:

- `key` (String) The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- `value` (String) The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.


<a id="nestedatt--push_sync"></a>
### Nested Schema for `push_sync`

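Review bot: In the new `identity_pool_tags` nested schema, the `key` and `value` descriptions leave the reserved prefix `aws:` and the allowed punctuation (`_`, `.`, `/`, `=`, `+`, `-`) as bare text, which is easy to misread and lets `_` be taken as emphasis markup. Suggest wrapping them in backticks in the upstream description; the `key` text also says "You can specify a value that is 1 to 128 Unicode characters", where "a key" would read more clearly.
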
18 changes: 18 additions & 0 deletions docs/data-sources/cognito_log_delivery_configuration.md
Expand Up @@ -32,11 +32,29 @@ Read-Only:

- `cloudwatch_logs_configuration` (Attributes) (see [below for nested schema](#nestedatt--log_configurations--cloudwatch_logs_configuration))
- `event_source` (String)
- `firehose_configuration` (Attributes) (see [below for nested schema](#nestedatt--log_configurations--firehose_configuration))
- `log_level` (String)
- `s3_configuration` (Attributes) (see [below for nested schema](#nestedatt--log_configurations--s3_configuration))

<a id="nestedatt--log_configurations--cloudwatch_logs_configuration"></a>
### Nested Schema for `log_configurations.cloudwatch_logs_configuration`

Read-Only:

- `log_group_arn` (String)


<a id="nestedatt--log_configurations--firehose_configuration"></a>
### Nested Schema for `log_configurations.firehose_configuration`

Read-Only:

- `stream_arn` (String)


<a id="nestedatt--log_configurations--s3_configuration"></a>
### Nested Schema for `log_configurations.s3_configuration`

Read-Only:

- `bucket_arn` (String)
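
Review bot: The added `firehose_configuration` and `s3_configuration` attributes, and their nested `stream_arn` and `bucket_arn`, carry no description, the same gap as the existing `cloudwatch_logs_configuration` and `log_group_arn`. Since these ARNs name the destinations that receive the logs, a one-line description for each (which resource the ARN identifies) would help anyone auditing where logs are delivered.
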
2 changes: 1 addition & 1 deletion docs/data-sources/ec2_launch_template.md
Expand Up @@ -53,7 +53,7 @@ Read-Only:
- `iam_instance_profile` (Attributes) The name or Amazon Resource Name (ARN) of an IAM instance profile. (see [below for nested schema](#nestedatt--launch_template_data--iam_instance_profile))
- `image_id` (String) The ID of the AMI. Alternatively, you can specify a Systems Manager parameter, which will resolve to an AMI ID on launch.
Valid formats:
+ ``ami-17characters00000``
+ ``ami-0ac394d6a3example``
+ ``resolve:ssm:parameter-name``
+ ``resolve:ssm:parameter-name:version-number``
+ ``resolve:ssm:parameter-name:label``
2 changes: 2 additions & 0 deletions docs/data-sources/ec2_subnet_cidr_block.md
Expand Up @@ -21,6 +21,8 @@ Data Source schema for AWS::EC2::SubnetCidrBlock

### Read-Only

- `ip_source` (String) The IP Source of an IPv6 Subnet CIDR Block.
- `ipv_6_address_attribute` (String) The value denoting whether an IPv6 Subnet CIDR Block is public or private.
- `ipv_6_cidr_block` (String) The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length
- `ipv_6_ipam_pool_id` (String) The ID of an IPv6 Amazon VPC IP Address Manager (IPAM) pool from which to allocate, to get the subnet's CIDR
- `ipv_6_netmask_length` (Number) The netmask length of the IPv6 CIDR to allocate to the subnet from an IPAM pool
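
Review bot: The two added attributes `ip_source` and `ipv_6_address_attribute` do not list the values they can take; `ipv_6_address_attribute` says only "public or private" and `ip_source` gives none. Suggest adding the accepted values in code formatting so that a reader can match on them.
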
4 changes: 2 additions & 2 deletions docs/data-sources/ec2_vpc.md
Expand Up @@ -30,8 +30,8 @@ Data Source schema for AWS::EC2::VPC
You can only enable DNS hostnames if you've enabled DNS support.
- `enable_dns_support` (Boolean) Indicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled. Enabled by default. For more information, see [DNS attributes in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support).
- `instance_tenancy` (String) The allowed tenancy of instances launched into the VPC.
+ ``default``: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch.
+ ``dedicated``: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of ``host`` during instance launch. You cannot specify a tenancy of ``default`` during instance launch.
+ ``default``: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch.
+ ``dedicated``: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of ``host`` during instance launch. You cannot specify a tenancy of ``default`` during instance launch.

Updating ``InstanceTenancy`` requires no replacement only if you are updating its value from ``dedicated`` to ``default``. Updating ``InstanceTenancy`` from ``default`` to ``dedicated`` requires replacement.
- `ipv_4_ipam_pool_id` (String) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. For more information, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide*.
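
Review bot: The ``default`` and ``dedicated`` bullets under `instance_tenancy` are replaced by lines whose visible text is identical, so this change is whitespace or an invisible character only. Worth confirming that this is intended output of the schema refresh and not an encoding difference. Separately, the IPAM link in the trailing context line has a doubled slash (`docs.aws.amazon.com//vpc/`).
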
53 changes: 27 additions & 26 deletions docs/data-sources/lambda_event_source_mapping.md
Expand Up @@ -23,37 +23,38 @@ Data Source schema for AWS::Lambda::EventSourceMapping

- `amazon_managed_kafka_event_source_config` (Attributes) Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source. (see [below for nested schema](#nestedatt--amazon_managed_kafka_event_source_config))
- `batch_size` (Number) The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).
+ *Amazon Kinesis* Default 100. Max 10,000.
+ *Amazon DynamoDB Streams* Default 100. Max 10,000.
+ *Amazon Simple Queue Service* Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.
+ *Amazon Managed Streaming for Apache Kafka* Default 100. Max 10,000.
+ *Self-managed Apache Kafka* Default 100. Max 10,000.
+ *Amazon MQ (ActiveMQ and RabbitMQ)* Default 100. Max 10,000.
+ *DocumentDB* Default 100. Max 10,000.
+ *Amazon Kinesis* ? Default 100. Max 10,000.
+ *Amazon DynamoDB Streams* ? Default 100. Max 10,000.
+ *Amazon Simple Queue Service* ? Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.
+ *Amazon Managed Streaming for Apache Kafka* ? Default 100. Max 10,000.
+ *Self-managed Apache Kafka* ? Default 100. Max 10,000.
+ *Amazon MQ (ActiveMQ and RabbitMQ)* ? Default 100. Max 10,000.
+ *DocumentDB* ? Default 100. Max 10,000.
- `bisect_batch_on_function_error` (Boolean) (Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.
- `destination_config` (Attributes) (Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it. (see [below for nested schema](#nestedatt--destination_config))
- `document_db_event_source_config` (Attributes) Specific configuration settings for a DocumentDB event source. (see [below for nested schema](#nestedatt--document_db_event_source_config))
- `enabled` (Boolean) When true, the event source mapping is active. When false, Lambda pauses polling and invocation.
Default: True
- `event_source_arn` (String) The Amazon Resource Name (ARN) of the event source.
+ *Amazon Kinesis* The ARN of the data stream or a stream consumer.
+ *Amazon DynamoDB Streams* The ARN of the stream.
+ *Amazon Simple Queue Service* The ARN of the queue.
+ *Amazon Managed Streaming for Apache Kafka* The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc)).
+ *Amazon MQ* The ARN of the broker.
+ *Amazon DocumentDB* The ARN of the DocumentDB change stream.
+ *Amazon Kinesis* ? The ARN of the data stream or a stream consumer.
+ *Amazon DynamoDB Streams* ? The ARN of the stream.
+ *Amazon Simple Queue Service* ? The ARN of the queue.
+ *Amazon Managed Streaming for Apache Kafka* ? The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc)).
+ *Amazon MQ* ? The ARN of the broker.
+ *Amazon DocumentDB* ? The ARN of the DocumentDB change stream.
- `event_source_mapping_id` (String)
- `filter_criteria` (Attributes) An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html). (see [below for nested schema](#nestedatt--filter_criteria))
- `function_name` (String) The name or ARN of the Lambda function.
**Name formats**
+ *Function name* ``MyFunction``.
+ *Function ARN* ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction``.
+ *Version or Alias ARN* ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD``.
+ *Partial ARN* ``123456789012:function:MyFunction``.
+ *Function name* ? ``MyFunction``.
+ *Function ARN* ? ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction``.
+ *Version or Alias ARN* ? ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD``.
+ *Partial ARN* ? ``123456789012:function:MyFunction``.

The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
- `function_response_types` (List of String) (Streams and SQS) A list of current response type enums applied to the event source mapping.
Valid Values: ``ReportBatchItemFailures``
- `kms_key_arn` (String)
- `maximum_batching_window_in_seconds` (Number) The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function.
*Default (, , event sources)*: 0
*Default (, Kafka, , event sources)*: 500 ms
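
Review bot: Every replaced bullet under `batch_size`, `event_source_arn` and `function_name` now has a `?` between the label and its text (for example `*Amazon Kinesis* ? Default 100. Max 10,000.`), which the removed lines did not have. That looks like a dash character lost in an encoding conversion; check that the generated file is written and read as UTF-8. The added `kms_key_arn` attribute also has no description.
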
Expand Down Expand Up @@ -166,13 +167,13 @@ Read-Only:
Read-Only:

- `type` (String) The type of authentication protocol, VPC components, or virtual host for your event source. For example: ``"Type":"SASL_SCRAM_512_AUTH"``.
+ ``BASIC_AUTH`` (Amazon MQ) The ASMlong secret that stores your broker credentials.
+ ``BASIC_AUTH`` (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.
+ ``VPC_SUBNET`` (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.
+ ``VPC_SECURITY_GROUP`` (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers.
+ ``SASL_SCRAM_256_AUTH`` (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.
+ ``SASL_SCRAM_512_AUTH`` (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.
+ ``VIRTUAL_HOST`` - (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call.
+ ``CLIENT_CERTIFICATE_TLS_AUTH`` (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.
+ ``SERVER_ROOT_CA_CERTIFICATE`` (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.
+ ``BASIC_AUTH`` ? (Amazon MQ) The ASMlong secret that stores your broker credentials.
+ ``BASIC_AUTH`` ? (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.
+ ``VPC_SUBNET`` ? (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.
+ ``VPC_SECURITY_GROUP`` ? (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers.
+ ``SASL_SCRAM_256_AUTH`` ? (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.
+ ``SASL_SCRAM_512_AUTH`` ? (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.
+ ``VIRTUAL_HOST`` ?- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call.
+ ``CLIENT_CERTIFICATE_TLS_AUTH`` ? (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.
+ ``SERVER_ROOT_CA_CERTIFICATE`` ? (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.
- `uri` (String) The value for your chosen configuration in ``Type``. For example: ``"URI": "arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName"``.
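
Review bot: The `BASIC_AUTH` (Amazon MQ) bullet still contains the unexpanded placeholder `ASMlong` after the refresh, and all nine replaced bullets gain the same `?` separator (`?-` on `VIRTUAL_HOST`). Suggest fixing the placeholder upstream so it names the service, as the other bullets do with "Secrets Manager", and resolving the separator encoding. The `SASL_SCRAM_512_AUTH` bullet lists Amazon MSK, but its text mentions only self-managed Apache Kafka brokers.
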
7 changes: 5 additions & 2 deletions docs/data-sources/s3_bucket.md
Expand Up @@ -52,7 +52,8 @@ Data Source schema for AWS::S3::Bucket
- `replication_configuration` (Attributes) Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the ``VersioningConfiguration`` property.
Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist. (see [below for nested schema](#nestedatt--replication_configuration))
- `tags` (Attributes List) An arbitrary set of tags (key-value pairs) for this S3 bucket. (see [below for nested schema](#nestedatt--tags))
- `versioning_configuration` (Attributes) Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them. (see [below for nested schema](#nestedatt--versioning_configuration))
- `versioning_configuration` (Attributes) Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them.
When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (``PUT`` or ``DELETE``) on objects in the bucket. (see [below for nested schema](#nestedatt--versioning_configuration))
- `website_configuration` (Attributes) Information used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). (see [below for nested schema](#nestedatt--website_configuration))
- `website_url` (String)

Expand Down Expand Up @@ -352,7 +353,9 @@ Read-Only:

Read-Only:

- `partition_date_source` (String) Specifies the partition date source for the partitioned prefix. PartitionDateSource can be EventTime or DeliveryTime.
- `partition_date_source` (String) Specifies the partition date source for the partitioned prefix. ``PartitionDateSource`` can be ``EventTime`` or ``DeliveryTime``.
For ``DeliveryTime``, the time in the log file names corresponds to the delivery time for the log files.
For ``EventTime``, The logs delivered are for a specific day only. The year, month, and day correspond to the day on which the event occurred, and the hour, minutes and seconds are set to 00 in the key.



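Review bot: In the expanded `partition_date_source` description, the ``EventTime`` sentence has a capital letter mid-sentence ("For ``EventTime``, The logs delivered"). Suggest lowercase "the" to match the ``DeliveryTime`` sentence above it.
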
3 changes: 2 additions & 1 deletion docs/data-sources/systemsmanagersap_application.md
Expand Up @@ -23,8 +23,9 @@ Data Source schema for AWS::SystemsManagerSAP::Application

- `application_id` (String)
- `application_type` (String)
- `arn` (String) The ARN of the Helix application
- `arn` (String) The ARN of the SSM-SAP application
- `credentials` (Attributes List) (see [below for nested schema](#nestedatt--credentials))
- `database_arn` (String) The ARN of the SAP HANA database
- `instances` (List of String)
- `sap_instance_number` (String)
- `sid` (String)